Search for packages
| purl | pkg:deb/debian/phpmyadmin@4:4.6.3-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-19c4-dbx1-e3aj | Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. |
CVE-2016-5732
GHSA-3q28-xfw3-2q35 |
| VCID-81mz-gdhq-r7fm | Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. |
CVE-2016-5704
GHSA-gcvp-cwgw-wx8j |
| VCID-a1h3-y1fe-7fe2 | phpMyAdmin vulnerable to Cross-site Scripting setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. |
CVE-2016-5701
GHSA-rh74-5835-jpxp |
| VCID-b5bf-6u8e-byh8 | phpMyAdmin Denial Of Service (DOS) attack js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. |
CVE-2016-5706
GHSA-9rmm-8fp4-26hv |
| VCID-cx8d-r8hf-3kak | phpMyAdmin vulnerable to Cross-Site Request Forgery The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. |
CVE-2016-5739
GHSA-2p7v-jm8m-g3qq |
| VCID-g76e-r914-xfgc | Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. |
CVE-2016-5702
GHSA-xqw9-ffx7-g998 |
| VCID-hucu-azum-53bw | Information Exposure phpMyAdmin allows remote attackers to obtain sensitive information. |
CVE-2016-5730
GHSA-wm9c-vcv2-vpqc |
| VCID-nz1c-xk2s-3fau | Cross-site Scripting Cross-site scripting (XSS) vulnerability in `examples/openid.php` in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. |
CVE-2016-5731
GHSA-mwm8-36c5-j5cf |
| VCID-r8te-6fr7-tuc2 | phpMyAdmin vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. |
CVE-2016-5705
GHSA-6q2j-8h8q-46mr |
| VCID-we1q-4dc4-qufn | phpMyAdmin vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. |
CVE-2016-5733
GHSA-cr65-p662-fx5c |
| VCID-whem-kvgm-47he | Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. |
CVE-2016-5703
|
| VCID-zbha-a7rp-nbd9 | Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. |
CVE-2016-5734
GHSA-rv57-479x-x4qv |