Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2017-18264 | 7.5 | An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., vers | 03-10-2019 - 00:03 | 01-05-2018 - 17:29 |
CVE-2016-9865 | 7.5 | An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x v | 08-07-2018 - 01:29 | 11-12-2016 - 03:00 |
CVE-2016-6619 | 6.5 | An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x ve | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6609 | 6.5 | An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6618 | 4.0 | An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0. | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6614 | 4.3 | An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to tra | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6622 | 4.3 | An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4 | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6615 | 4.3 | XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigge | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6616 | 6.8 | An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are aff | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |
CVE-2016-6621 | 5.0 | The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | 08-07-2018 - 01:29 | 31-01-2017 - 19:59 |
CVE-2016-6620 | 7.5 | An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation a | 08-07-2018 - 01:29 | 11-12-2016 - 02:59 |