Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@4.4.7 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7udu-bp8s-t7es
Aliases: CVE-2017-1000013 GHSA-5h5m-fj48-qpjw |
phpMyAdmin Open Redirect phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-84pb-neh5-73by
Aliases: CVE-2016-2041 GHSA-8m97-xc46-rw9w |
phpMyAdmin Unsafe comparison of XSRF/CSRF token libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-p8xn-tscc-4qhu
Aliases: CVE-2017-1000015 GHSA-3fgq-cmr4-97rr |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
|
VCID-qxgd-ufvd-nue7
Aliases: CVE-2016-2040 GHSA-pw34-qf6c-84fc |
phpMyAdmin XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-zxus-a2uc-aqe8
Aliases: CVE-2017-1000014 GHSA-9hrc-rwrq-v6mh |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||