| Max CVSS | 5.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-2039 | 5.0 |
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
|
30-10-2018 - 16:27 | 20-02-2016 - 01:59 | |
| CVE-2016-2042 | 5.0 |
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path
|
30-10-2018 - 16:27 | 20-02-2016 - 01:59 | |
| CVE-2016-2040 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) s
|
30-10-2018 - 16:27 | 20-02-2016 - 01:59 | |
| CVE-2016-2038 | 5.0 |
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
|
30-10-2018 - 16:27 | 20-02-2016 - 01:59 | |
| CVE-2016-2041 | 5.0 |
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri
|
30-10-2018 - 16:27 | 20-02-2016 - 01:59 | |
| CVE-2016-2043 | 3.5 |
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the
|
30-10-2018 - 16:27 | 20-02-2016 - 01:59 | |
| CVE-2016-1927 | 5.0 |
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a bru
|
28-11-2016 - 20:02 | 20-02-2016 - 01:59 | |
| CVE-2016-2044 | 5.0 |
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
|
17-08-2016 - 19:37 | 20-02-2016 - 01:59 | |
| CVE-2016-2045 | 3.5 |
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
|
02-08-2016 - 18:42 | 20-02-2016 - 01:59 |