The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of phpMyAdmin

computer vulnerability CVE-2019-12616

phpMyAdmin: Cross Site Request Forgery via Login Form

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via Login Form of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Debian, Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES, TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-249, CVE-2019-12616, DLA-1821-1, FEDORA-2019-13d2ba0aed, FEDORA-2019-33649e2e64, openSUSE-SU-2019:1689-1, openSUSE-SU-2019:1861-1, PMASA-2019-4, TYPO3-EXT-SA-2019-014, VIGILANCE-VUL-29465.

vulnerability note CVE-2019-11768

phpMyAdmin: SQL injection via Designer

Synthesis of the vulnerability

An attacker can use a SQL injection via Designer of phpMyAdmin, in order to read or alter data.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES, TYPO3 Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 05/06/2019.
Identifiers: CVE-2019-11768, FEDORA-2019-13d2ba0aed, FEDORA-2019-33649e2e64, openSUSE-SU-2019:1689-1, openSUSE-SU-2019:1861-1, PMASA-2019-3, TYPO3-EXT-SA-2019-014, VIGILANCE-VUL-29464.

computer vulnerability alert CVE-2019-6799

phpMyAdmin: file reading via AllowArbitraryServer

Synthesis of the vulnerability

A local attacker can read a file via AllowArbitraryServer of phpMyAdmin, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE Leap, phpMyAdmin, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 28/01/2019.
Identifiers: CVE-2019-6799, DLA-1692-1, FEDORA-2019-09ae31d880, FEDORA-2019-6cfd17b03d, openSUSE-SU-2019:0194-1, PMASA-2019-1, VIGILANCE-VUL-28376.

vulnerability alert CVE-2018-19968 CVE-2018-19969 CVE-2018-19970

phpMyAdmin: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/12/2018.
Identifiers: CVE-2018-19968, CVE-2018-19969, CVE-2018-19970, DLA-1658-1, FEDORA-2018-088802878a, FEDORA-2018-5aeca60933, openSUSE-SU-2018:4124-1, openSUSE-SU-2018:4125-1, PMASA-2018-6, PMASA-2018-7, PMASA-2018-8, VIGILANCE-VUL-28001.

computer vulnerability note CVE-2018-15605

phpMyAdmin: Cross Site Scripting via File Import Warning Messages

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/08/2018.
Identifiers: CERTFR-2018-AVI-404, CVE-2018-15605, FEDORA-2018-f2b24ce26e, openSUSE-SU-2018:2523-1, openSUSE-SU-2018:2525-1, openSUSE-SU-2018:2525-2, PMASA-2018-5, VIGILANCE-VUL-27059.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, it does not filter the data received via warning messages before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2018-12613

phpMyAdmin: code execution via File Inclusion

Synthesis of the vulnerability

An attacker can use a vulnerability via File Inclusion of phpMyAdmin, in order to run code.
Impacted products: openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12613, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-4, VIGILANCE-VUL-26500.

computer vulnerability note CVE-2018-12581

phpMyAdmin: Cross Site Scripting via Designer Feature

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12581, FEDORA-2018-68349e3094, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-3, VIGILANCE-VUL-26499.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, it does not filter the data received via the Designer feature before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2018-10188

phpMyAdmin: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CVE-2018-10188, openSUSE-SU-2018:1058-1, openSUSE-SU-2018:1059-1, PMASA-2018-2, VIGILANCE-VUL-25934.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.

vulnerability CVE-2018-7260

phpMyAdmin: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/02/2018.
Identifiers: CERTFR-2018-AVI-093, CVE-2018-7260, FEDORA-2018-147d33439c, FEDORA-2018-a1650ed14f, openSUSE-SU-2018:0536-1, PMASA-2018-1, VIGILANCE-VUL-25340.

computer vulnerability announce CVE-2017-1000499

phpMyAdmin: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-001, CVE-2017-1000499, FEDORA-2017-481515e199, FEDORA-2017-cad79c7c6c, openSUSE-SU-2017:3448-1, openSUSE-SU-2017:3451-1, PMASA-2017-9, VIGILANCE-VUL-24897.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.