phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.
Max CVSS: 9.8; EPSS Score: 0.19%; Published: 2019-12-06; Updated: 2020-11-10

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Max CVSS: 9.8; EPSS Score: 0.53%; Published: 2019-11-22; Updated: 2020-01-14

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
Max CVSS: 6.5; EPSS Score: 91.97%; Published: 2019-09-13; Updated: 2023-02-02

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
Max CVSS: 6.5; EPSS Score: 1.70%; Published: 2019-06-05; Updated: 2019-06-14

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
Max CVSS: 9.8; EPSS Score: 0.75%; Published: 2019-06-05; Updated: 2019-06-14

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
Max CVSS: 5.9; EPSS Score: 18.29%; Published: 2019-01-26; Updated: 2020-08-24

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Max CVSS: 9.8; EPSS Score: 0.16%; Published: 2019-01-26; Updated: 2019-01-28

7 vulnerabilities found