Search CVE reports


1 – 10 of 260 results


CVE-2023-25727

Medium priority
Needs evaluation

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-22452

Medium priority
Needs evaluation

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-0813

Medium priority
Needs evaluation

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2022-23808

Medium priority
Needs evaluation

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |

CVE-2022-23807

Medium priority
Vulnerable

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Not affected |

CVE-2021-21252

Medium priority
Vulnerable

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are...

3 affected packages

civicrm, otrs2, phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| civicrm | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| otrs2 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| phpmyadmin | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |

CVE-2020-22278

Medium priority
Ignored

** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2020-26935

Medium priority
Fixed

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this...

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Not affected | Not affected | Fixed | Fixed | Not affected |

CVE-2020-26934

Medium priority

Some fixes available 2 of 4

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Not affected | Not affected | Fixed | Fixed | Vulnerable |

CVE-2020-11441

Medium priority
Ignored

** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see...

1 affected package

phpmyadmin

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| phpmyadmin | Not affected | Not affected | Not affected | Not affected | Not affected |