Search CVE reports
1 – 10 of 260 results
CVE-2023-25727
Medium priority
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-22452
Medium priority
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-0813
Medium priority
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-23808
Medium priority
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
CVE-2022-23807
Medium priority
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Not affected |
CVE-2021-21252
Medium priority
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are...
3 affected packages
civicrm, otrs2, phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
civicrm | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
otrs2 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
phpmyadmin | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2020-22278
Medium priority
** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-26935
Medium priority
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this...
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Not affected | Not affected | Fixed | Fixed | Not affected |
CVE-2020-26934
Medium priority
Some fixes available 2 of 4
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Not affected | Not affected | Fixed | Fixed | Vulnerable |
CVE-2020-11441
Medium priority
** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see...
1 affected package
phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
phpmyadmin | Not affected | Not affected | Not affected | Not affected | Not affected |