42 vulnerabilities found for phpmyadmin by phpmyadmin
CVE-2025-24530 (GCVE-0-2025-24530)
Vulnerability from nvd
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| Vendor | Product | Version |
|---|---|---|
| phpMyAdmin | phpMyAdmin | 5.0.0 ≤ version < 5.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:00.369223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:09.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:51.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:35:25.047Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-1/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24530",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:51.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24529 (GCVE-0-2025-24529)
Vulnerability from nvd
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| Vendor | Product | Version |
|---|---|---|
| phpMyAdmin | phpMyAdmin | 5.0.0 ≤ version < 5.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:51.479392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:59.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:34:02.560Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24529",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:49.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-25727 (GCVE-0-2023-25727)
Vulnerability from nvd
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:04.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2023-1/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:52:37.332618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:53:11.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2023-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25727",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2023-02-13T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:04.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24530 (GCVE-0-2025-24530)
Vulnerability from cvelistv5
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| Vendor | Product | Version |
|---|---|---|
| phpMyAdmin | phpMyAdmin | 5.0.0 ≤ version < 5.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:00.369223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:09.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:51.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:35:25.047Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-1/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24530",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:51.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24529 (GCVE-0-2025-24529)
Vulnerability from cvelistv5
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| Vendor | Product | Version |
|---|---|---|
| phpMyAdmin | phpMyAdmin | 5.0.0 ≤ version < 5.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:51.479392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:59.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:34:02.560Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24529",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:49.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-25727 (GCVE-0-2023-25727)
Vulnerability from cvelistv5
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:28:04.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2023-1/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:52:37.332618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:53:11.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2023-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25727",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2023-02-13T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:28:04.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2025-AVI-0051
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans PHPMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.x antérieurs à 5.2.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.x ant\u00e9rieurs \u00e0 5.2.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
}
],
"initial_release_date": "2025-01-22T00:00:00",
"last_revision_date": "2025-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHPMyAdmin. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS) et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2025-3",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-3/"
},
{
"published_at": "2025-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2025-1",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-1/"
},
{
"published_at": "2025-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2025-2",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
}
]
}
CERTFR-2023-AVI-0103
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.x antérieures à 5.2.1 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.3.0 à 4.9.x antérieures à 4.9.11 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.x ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.3.0 \u00e0 4.9.x ant\u00e9rieures \u00e0 4.9.11",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2023-02-08T00:00:00",
"last_revision_date": "2023-02-08T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2023-1 du 07 f\u00e9vrier 2023",
"url": "https://www.phpmyadmin.net/security/PMASA-2023-1/"
}
]
}
CERTFR-2022-AVI-069
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.9.x antérieures à 4.9.8 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.1.x antérieures à 5.1.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.9.x ant\u00e9rieures \u00e0 4.9.8",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 5.1.x ant\u00e9rieures \u00e0 5.1.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23807"
},
{
"name": "CVE-2022-23808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23808"
}
],
"initial_release_date": "2022-01-24T00:00:00",
"last_revision_date": "2022-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-069",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2022-2 du 10 janvier 2022",
"url": "https://www.phpmyadmin.net/security/PMASA-2022-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2022-1 du 10 janvier 2022",
"url": "https://www.phpmyadmin.net/security/PMASA-2022-1"
}
]
}
CERTFR-2020-AVI-628
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.0.x versions antérieures à 5.0.3 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.9.x versions antérieures à 4.9.6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.0.x versions ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.9.x versions ant\u00e9rieures \u00e0 4.9.6",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26935"
},
{
"name": "CVE-2020-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26934"
}
],
"initial_release_date": "2020-10-12T00:00:00",
"last_revision_date": "2020-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS) et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-5 du 10 octobre 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-5/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-6 du 10 octobre 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-6/"
}
]
}
CERTFR-2020-AVI-167
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.9.x antérieures à 4.9.5 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.0.x antérieures à 5.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.9.x ant\u00e9rieures \u00e0 4.9.5",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10804"
},
{
"name": "CVE-2020-10802",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10802"
},
{
"name": "CVE-2020-10803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10803"
}
],
"initial_release_date": "2020-03-23T00:00:00",
"last_revision_date": "2020-03-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-3 du 20 mars 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-3/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-2 du 20 mars 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-2/"
}
],
"reference": "CERTFR-2020-AVI-167",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin . Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection\nde code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-3 du 20 mars 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-4 du 20 mars 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-4/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-2 du 20 mars 2020",
"url": null
}
]
}
CERTFR-2020-AVI-010
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.x antérieures à 5.0.1 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.9.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.9.4",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-5504",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5504"
}
],
"initial_release_date": "2020-01-08T00:00:00",
"last_revision_date": "2020-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-1 du 05 janvier 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
}
]
}
CERTFR-2019-AVI-249
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin toutes versions antérieures à 4.9.0 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin toutes versions ant\u00e9rieures \u00e0 4.9.0",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12616"
}
],
"initial_release_date": "2019-06-06T00:00:00",
"last_revision_date": "2019-06-06T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin. Elle permet \u00e0 un\nattaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2019-4 du 04 juin 2019",
"url": "https://www.phpmyadmin.net/security/PMASA-2019-4/"
}
]
}
CERTFR-2018-AVI-404
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.8.3 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-15605",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15605"
}
],
"initial_release_date": "2018-08-23T00:00:00",
"last_revision_date": "2018-08-23T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin . Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-5 du 21 ao\u00fbt 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-5/"
}
]
}
CERTFR-2018-AVI-300
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.8.2. |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.8.2.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12581",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12581"
},
{
"name": "CVE-2018-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12613"
}
],
"initial_release_date": "2018-06-22T00:00:00",
"last_revision_date": "2018-06-22T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-300",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-3 du 19 juin 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-3/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-4 du 19 juin 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-4/"
}
]
}
CERTFR-2018-AVI-093
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.7.x antérieures à 4.7.8 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.7.x ant\u00e9rieures \u00e0 4.7.8",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7260"
}
],
"initial_release_date": "2018-02-21T00:00:00",
"last_revision_date": "2018-02-21T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-093",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin . Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-1 du 20 f\u00e9vrier 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-1/"
}
]
}
CERTFR-2018-AVI-001
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.7.x antérieures à 4.7.7 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.7.x ant\u00e9rieures \u00e0 4.7.7",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-1000499",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000499"
}
],
"initial_release_date": "2018-01-03T00:00:00",
"last_revision_date": "2018-01-03T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin . Elle permet \u00e0 un\nattaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2017-9 du 20 d\u00e9cembre 2017",
"url": "https://www.phpmyadmin.net/security/PMASA-2017-9/"
}
]
}
CERTFR-2016-AVI-390
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.0.X antérieures à 4.0.10.18 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.4.X antérieures à 4.4.15.19 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.6.X antérieures à 4.6.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.0.X ant\u00e9rieures \u00e0 4.0.10.18",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.4.X ant\u00e9rieures \u00e0 4.4.15.19",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.6.X ant\u00e9rieures \u00e0 4.6.5",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-11-25T00:00:00",
"last_revision_date": "2016-11-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-68 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-68/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-67 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-67/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-62 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-62/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-63 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-63/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-65 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-65/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-70 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-70/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-69 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-69/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-64 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-64/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-71 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-71/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-66 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-66/"
}
],
"reference": "CERTFR-2016-AVI-390",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-11-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-66 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-63 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-67 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-62 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-71 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-68 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-70 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-65 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-64 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-69 du 25 novembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-077
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.5.x antérieures à 4.5.5.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.0.x antérieures à 4.0.10.15 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.4.x antérieures à 4.4.15.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.5.x ant\u00e9rieures \u00e0 4.5.5.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.0.x ant\u00e9rieures \u00e0 4.0.10.15",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.4.x ant\u00e9rieures \u00e0 4.4.15.5",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2561",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2561"
},
{
"name": "CVE-2016-2559",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2559"
},
{
"name": "CVE-2016-2560",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2560"
},
{
"name": "CVE-2016-2562",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2562"
}
],
"initial_release_date": "2016-03-03T00:00:00",
"last_revision_date": "2016-03-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-13 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-13/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-11 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-11/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-12 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-12/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-10 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-10/"
}
],
"reference": "CERTFR-2016-AVI-077",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-13 du 25 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-12 du 25 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-10 du 25 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-11 du 25 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2015-AVI-450
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.5.x antérieures à 4.5.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.4.x antérieures à 4.4.15.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.5.x ant\u00e9rieures \u00e0 4.5.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.4.x ant\u00e9rieures \u00e0 4.4.15.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7873",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7873"
}
],
"initial_release_date": "2015-10-23T00:00:00",
"last_revision_date": "2015-10-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-5 du 23 octobre 2015",
"url": "https://www.phpmyadmin.net/security/PMASA-2015-5/"
}
],
"reference": "CERTFR-2015-AVI-450",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-5 du 23 octobre 2015",
"url": null
}
]
}
CERTFR-2015-AVI-390
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.3.13.2 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.4.14.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.3.13.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.4.14.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6830"
}
],
"initial_release_date": "2015-09-16T00:00:00",
"last_revision_date": "2015-09-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-4 du 08 septembre 2015",
"url": "https://www.phpmyadmin.net/security/PMASA-2015-4/"
}
],
"reference": "CERTFR-2015-AVI-390",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-4 du 08 septembre 2015",
"url": null
}
]
}
CERTFR-2015-AVI-226
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans PHPMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.2.x antérieures à 4.2.13.3 | ||
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.3.x antérieures à 4.3.13.1 | ||
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.4.x antérieures à 4.4.6.1 | ||
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.0.x antérieures à 4.0.10.10 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHPMyAdmin versions 4.2.x ant\u00e9rieures \u00e0 4.2.13.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "PHPMyAdmin versions 4.3.x ant\u00e9rieures \u00e0 4.3.13.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "PHPMyAdmin versions 4.4.x ant\u00e9rieures \u00e0 4.4.6.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "PHPMyAdmin versions 4.0.x ant\u00e9rieures \u00e0 4.0.10.10",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3902",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3902"
},
{
"name": "CVE-2015-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3903"
}
],
"initial_release_date": "2015-05-15T00:00:00",
"last_revision_date": "2015-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-226",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHPMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHPMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2015-2 du 13 mai 2015",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2015-3 du 13 mai 2015",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php"
}
]
}
CERTFR-2014-AVI-506
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.1.14.8 | ||
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.0.10.7 | ||
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 4.2.13.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.1.14.8",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.0.10.7",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 4.2.13.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-9219",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9219"
},
{
"name": "CVE-2014-9218",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9218"
}
],
"initial_release_date": "2014-12-05T00:00:00",
"last_revision_date": "2014-12-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-18 du 03 d\u00e9cembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-17 du 03 d\u00e9cembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php"
}
],
"reference": "CERTFR-2014-AVI-506",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-17 du 03 d\u00e9cembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-18 du 03 d\u00e9cembre 2014",
"url": null
}
]
}
CERTFR-2014-AVI-494
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin branche 4.0.X versions antérieures à 4.0.10.6 | ||
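| phpMyAdmin | phpMyAdmin | phpMyAdmin branche 4.2.X versions antérieures à 4.1.12 (tel que publié dans l'avis ; la version corrective indiquée n'appartient pas à la branche 4.2.X, à vérifier dans les bulletins PMASA-2014-13 à PMASA-2014-16 de l'éditeur avant de conclure qu'une installation 4.2.X est corrigée) | ||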
| phpMyAdmin | phpMyAdmin | phpMyAdmin branche 4.1.X versions antérieures à 4.1.14.7 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin branche 4.0.X versions ant\u00e9rieures \u00e0 4.0.10.6",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin branche 4.2.X versions ant\u00e9rieures \u00e0 4.1.12",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin branche 4.1.X versions ant\u00e9rieures \u00e0 4.1.14.7",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8959",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8959"
},
{
"name": "CVE-2014-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8961"
},
{
"name": "CVE-2014-8958",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8958"
},
{
"name": "CVE-2014-8960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8960"
}
],
"initial_release_date": "2014-11-24T00:00:00",
"last_revision_date": "2014-11-24T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-494",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection\nde code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-15 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-14 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-16 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-13 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php"
}
]
}
CERTFR-2014-AVI-386
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS) et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.0.10.3 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.2.8.1 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.1.14.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.0.10.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.2.8.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.1.14.4",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-6300",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6300"
}
],
"initial_release_date": "2014-09-15T00:00:00",
"last_revision_date": "2014-09-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-10 du 13 septembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php"
}
],
"reference": "CERTFR-2014-AVI-386",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS) et une\ninjection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-10 du 13 septembre 2014",
"url": null
}
]
}
CERTFR-2014-AVI-371
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.1.14.3 |
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.2.7.1 |
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 4.0.10.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.1.14.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.2.7.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 4.0.10.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-5273",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5273"
},
{
"name": "CVE-2014-5274",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5274"
}
],
"initial_release_date": "2014-09-03T00:00:00",
"last_revision_date": "2014-09-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-8 du 17 ao\u00fbt 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-9 du 17 ao\u00fbt 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php"
}
],
"reference": "CERTFR-2014-AVI-371",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-9 du 17 ao\u00fbt 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-8 du 17 ao\u00fbt 2014",
"url": null
}
]
}
CERTFR-2014-AVI-330
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.2.6 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.1.14.2 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.0.10.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.1.14.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.0.10.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4986",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4986"
},
{
"name": "CVE-2014-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4954"
},
{
"name": "CVE-2014-4955",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4955"
},
{
"name": "CVE-2014-4987",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4987"
}
],
"initial_release_date": "2014-07-21T00:00:00",
"last_revision_date": "2014-07-21T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-330",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS) et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-4 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-6 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-5 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-7 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
}
]
}
CERTFR-2014-AVI-281
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.1.x antérieures à 4.1.14.1 |
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.2.x antérieures à 4.2.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.1.x ant\u00e9rieures \u00e0 4.1.14.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.2.x ant\u00e9rieures \u00e0 4.2.4",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4348",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4348"
},
{
"name": "CVE-2014-4349",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4349"
}
],
"initial_release_date": "2014-06-23T00:00:00",
"last_revision_date": "2014-06-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-3 du 20 juin 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-2 du 20 juin 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php"
}
],
"reference": "CERTFR-2014-AVI-281",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-2 du 20 juin 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-3 du 20 juin 2014",
"url": null
}
]
}
CERTA-2013-AVI-442
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.0.4.2 |
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 3.5.8.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.0.4.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 3.5.8.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-07-29T00:00:00",
"last_revision_date": "2013-07-29T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-15 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-13 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-14 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-11 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-8 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-9 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-12 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php"
}
],
"reference": "CERTA-2013-AVI-442",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-07-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation\nde privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-15 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-12 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-13 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-9 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-11 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-8 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-14 du 28 juillet 2013",
"url": null
}
]
}
CERTA-2012-AVI-449
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle concerne une injection de code indirecte à distance (XSS) présente dans de multiples pages et actions du logiciel.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 3.4.11.1 pour la branche 3.4. |
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 3.5.2.2 pour la branche 3.5 ; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 3.4.11.1 pour la branche 3.4.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 3.5.2.2 pour la branche 3.5 ;",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4345"
}
],
"initial_release_date": "2012-08-20T00:00:00",
"last_revision_date": "2012-08-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2012-4 du 16 ao\u00fbt 2012 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php"
}
],
"reference": "CERTA-2012-AVI-449",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle concerne une injection de code\nindirecte \u00e0 distance (XSS) pr\u00e9sente dans de multiples pages et actions\ndu logiciel.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2012-4 du 16 ao\u00fbt 2012",
"url": null
}
]
}