Phpmyadmin : Security Vulnerabilities, CVEs, (Gain Privilege) CVSS score >= 3
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
Max CVSS
4.3
EPSS Score
0.05%
Published
2022-01-22
Updated
2023-11-26
CVE-2018-12613
Public exploit
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
Max CVSS
8.8
EPSS Score
97.41%
Published
2018-06-21
Updated
2021-11-02
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
Max CVSS
5.0
EPSS Score
0.56%
Published
2010-12-17
Updated
2011-01-28
3 vulnerabilities found