| Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-12616 | 4.3 |
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim'
|
14-06-2019 - 04:29 | 05-06-2019 - 05:29 | |
| CVE-2016-9850 | 5.0 |
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6624 | 4.3 |
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-9849 | 7.5 |
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6613 | 2.1 |
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versio
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-9864 | 6.0 |
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tab
|
01-07-2017 - 01:30 | 11-12-2016 - 03:00 | |
| CVE-2016-6630 | 4.0 |
An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6612 | 4.0 |
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6627 | 5.0 |
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6628 | 6.8 |
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6632 | 4.3 |
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6631 | 8.5 |
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a co
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6611 | 5.1 |
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6626 | 5.8 |
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-6607 | 4.3 |
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 | |
| CVE-2016-9861 | 5.0 |
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) ar
|
01-07-2017 - 01:30 | 11-12-2016 - 03:00 | |
| CVE-2016-6606 | 5.0 |
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and passwo
|
01-07-2017 - 01:30 | 11-12-2016 - 02:59 |