| purl | pkg:composer/phpmyadmin/phpmyadmin@4.5.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-17ng-yksd-eybe<br>Aliases: CVE-2019-6798, GHSA-f732-fxh6-g4qj | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature. | Affected by 12 other vulnerabilities. |
| VCID-84pb-neh5-73by<br>Aliases: CVE-2016-2041, GHSA-8m97-xc46-rw9w | phpMyAdmin Unsafe comparison of XSRF/CSRF token. libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-9h1t-5fsg-bbcp<br>Aliases: CVE-2016-2559, GHSA-7rf8-9r8f-qf59 | phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser. Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-f4bk-253j-fkgv<br>Aliases: CVE-2015-7873, GHSA-5pmg-qh2c-7j24 | phpMyAdmin allows remote attackers to spoof content via the url parameter. The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | Affected by 4 other vulnerabilities. |
| VCID-nmus-bk41-qfbq<br>Aliases: CVE-2016-1927, GHSA-4gmg-gwjh-3mmr | phpMyAdmin Cryptographic Vulnerability. The `suggestPassword` function in `js/functions.js` in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the `Math.random` JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | Affected by 2 other vulnerabilities. |
| VCID-qxgd-ufvd-nue7<br>Aliases: CVE-2016-2040, GHSA-pw34-qf6c-84fc | phpMyAdmin XSS Vulnerability. Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| VCID-r3az-36ru-jbhv<br>Aliases: CVE-2016-2562, GHSA-w8qg-j9fp-hrjf | phpMyAdmin Improper Input Validation. The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. | Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |