| purl | pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-5bk1-q3nj-6qef Aliases: CVE-2016-5733, GHSA-cr65-p662-fx5c | phpMyAdmin vulnerable to Cross-site Scripting: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-fsw3-zq48-s3bh Aliases: CVE-2016-5701, GHSA-rh74-5835-jpxp | phpMyAdmin vulnerable to Cross-site Scripting: setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-m59a-5uea-rfa9 Aliases: CVE-2016-5734, GHSA-rv57-479x-x4qv | phpMyAdmin Code Injection vulnerability: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-qhn7-b1w4-vkfn Aliases: CVE-2016-5739, GHSA-2p7v-jm8m-g3qq | phpMyAdmin vulnerable to Cross-Site Request Forgery: The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. | Affected by 0 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |