| purl | pkg:composer/phpmyadmin/phpmyadmin@4.4.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1kme-6s76-k3es Aliases: CVE-2016-5705, GHSA-6q2j-8h8q-46mr | phpMyAdmin vulnerable to Cross-site Scripting. Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. | Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-2739-kr2f-fbd8 Aliases: CVE-2016-5731, GHSA-mwm8-36c5-j5cf | phpMyAdmin Cross-site scripting (XSS) vulnerability. Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. | Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-2x7w-vq7h-jfcu Aliases: CVE-2016-9853, GHSA-rmmf-5xhh-gg27 | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-35nm-8pfp-mkaq Aliases: CVE-2016-9866, GHSA-jvxx-8xxf-5495 | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-49vs-6j8s-pkey Aliases: CVE-2015-6830, GHSA-v6fh-vg22-r6cm | phpMyAdmin ReCaptcha bypass. libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha. | Affected by 5 other vulnerabilities. |
| VCID-4k9b-4mxz-87e5 Aliases: CVE-2016-6629, GHSA-567r-vqj7-5cw7 | phpMyAdmin Authentication Bypass. An issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values to bypass the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-5qej-xfah-1kaa Aliases: CVE-2016-6628, GHSA-phhm-63xx-v9rr | | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-6j1s-geef-pfb6 Aliases: CVE-2017-1000018, GHSA-47qr-f86f-3wm4 | phpMyAdmin DoS Vulnerability. phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DoS attack in the replication status by using a specially crafted table name. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-7udu-bp8s-t7es Aliases: CVE-2017-1000013, GHSA-5h5m-fj48-qpjw | phpMyAdmin Open Redirect. phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-84pb-neh5-73by Aliases: CVE-2016-2041, GHSA-8m97-xc46-rw9w | phpMyAdmin Unsafe comparison of XSRF/CSRF token. libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-96h9-nz2g-g3be Aliases: CVE-2016-6618, GHSA-rv6m-chvv-wmxg | phpMyAdmin Denial of service (DoS) attack in transformation feature. An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-ar2s-q1ey-9ua6 Aliases: CVE-2016-9856, GHSA-j8mx-x32r-5rf4 | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-c4mp-bzke-4bhw Aliases: CVE-2016-6622, GHSA-qf3f-7x69-qfv3 | phpMyAdmin DoS Vulnerability. An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-dpv2-3xj4-s7hm Aliases: CVE-2016-5706, GHSA-9rmm-8fp4-26hv | phpMyAdmin Denial Of Service (DoS) attack. js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. | Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-drq8-z1qe-7ufh Aliases: CVE-2017-1000017, GHSA-99xj-xqc9-98hr | phpMyAdmin SSRF in replication. phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-e3xu-5ny1-rkab Aliases: CVE-2016-6633, GHSA-p849-vf5f-f3x7 | | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-f4bk-253j-fkgv Aliases: CVE-2015-7873, GHSA-5pmg-qh2c-7j24 | phpMyAdmin allows remote attackers to spoof content via the url parameter. The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
| VCID-g67g-ycx6-ebat Aliases: CVE-2017-18264, GHSA-5868-g58j-vrj5 | An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by `$cfg['Servers'][$i]['AllowNoPassword'] = false` are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. | Affected by 22 other vulnerabilities. Affected by 21 other vulnerabilities. |
| VCID-hy45-dt9r-y3a2 Aliases: CVE-2016-6612, GHSA-fcgm-62p3-f7cm | phpMyAdmin Local file exposure. An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-jxqx-dh1t-eua2 Aliases: CVE-2016-6624, GHSA-mhxj-6vf8-mwv3 | phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention. An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-kw8w-rzsv-x7aq Aliases: CVE-2016-9851, GHSA-r2vw-p77f-vc27 | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-kzr5-ef5h-dfbr Aliases: CVE-2016-6613, GHSA-6j2v-g9rg-qcm5 | | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-nmus-bk41-qfbq Aliases: CVE-2016-1927, GHSA-4gmg-gwjh-3mmr | phpMyAdmin Cryptographic Vulnerability. The `suggestPassword` function in `js/functions.js` in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the `Math.random` JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| VCID-p8xn-tscc-4qhu Aliases: CVE-2017-1000015, GHSA-3fgq-cmr4-97rr | | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-qmfr-5d3y-27au Aliases: CVE-2016-6609, GHSA-wpww-hx7x-xfjh | | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-qu34-hevh-v3a9 Aliases: CVE-2016-6621, GHSA-44vv-mm86-7cg6 | phpMyAdmin server-side request forgery (SSRF). The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| VCID-qvb8-x5h7-1kax Aliases: CVE-2016-9857, GHSA-hmmx-wxh4-9w8w | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-qxgd-ufvd-nue7 Aliases: CVE-2016-2040, GHSA-pw34-qf6c-84fc | phpMyAdmin XSS Vulnerability. Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-rqvv-7dvy-dqfd Aliases: CVE-2016-9860, GHSA-3hw5-fffc-qrg4 | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-rs9g-rj3u-1bfy Aliases: CVE-2016-9861, GHSA-r326-mp8g-6xfc | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-rspx-kym8-xydx Aliases: CVE-2016-5730, GHSA-wm9c-vcv2-vpqc | phpMyAdmin full path disclosure vulnerability. phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. | Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-xrnq-v6ph-97hn Aliases: CVE-2016-9847, GHSA-9xhq-pm7v-693p | | Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-yvwv-ebhn-x3g5 Aliases: CVE-2016-6625, GHSA-r643-7xfg-ppc5 | phpMyAdmin allows detecting whether a user is logged in. An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-z37z-773u-2fd7 Aliases: CVE-2016-6632, GHSA-426q-975p-w5cr | | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-zjy7-eubd-1qbz Aliases: CVE-2016-6623, GHSA-2mcj-3r3r-v5wm | | Affected by 0 other vulnerabilities. Affected by 5 other vulnerabilities. |
| VCID-zxus-a2uc-aqe8 Aliases: CVE-2017-1000014, GHSA-9hrc-rwrq-v6mh | | Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||