The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of phpMyAdmin

threat announce CVE-2019-12922

phpMyAdmin: Cross Site Request Forgery via the "servers" page

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via the "servers" page of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 13/09/2019.
Identifiers: CVE-2019-12922, FEDORA-2019-3b5a7abe17, FEDORA-2019-6404181bf9, openSUSE-SU-2019:2211-1, VIGILANCE-VUL-30329.

security announce CVE-2019-12616

phpMyAdmin: Cross Site Request Forgery via Login Form

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery via Login Form of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-249, CVE-2019-12616, DLA-1821-1, FEDORA-2019-13d2ba0aed, FEDORA-2019-33649e2e64, openSUSE-SU-2019:1689-1, openSUSE-SU-2019:1861-1, PMASA-2019-4, TYPO3-EXT-SA-2019-014, VIGILANCE-VUL-29465.

computer threat note CVE-2019-11768

phpMyAdmin: SQL injection via Designer

Synthesis of the vulnerability

An attacker can use a SQL injection via Designer of phpMyAdmin, in order to read or alter data.
Severity: 2/4.
Creation date: 05/06/2019.
Identifiers: CVE-2019-11768, FEDORA-2019-13d2ba0aed, FEDORA-2019-33649e2e64, openSUSE-SU-2019:1689-1, openSUSE-SU-2019:1861-1, PMASA-2019-3, TYPO3-EXT-SA-2019-014, VIGILANCE-VUL-29464.

computer threat alert CVE-2019-6798

phpMyAdmin: SQL injection via Username

Synthesis of the vulnerability

An attacker can use a SQL injection via Username of phpMyAdmin, in order to read or alter data.
Severity: 3/4.
Creation date: 28/01/2019.
Identifiers: CVE-2019-6798, FEDORA-2019-09ae31d880, FEDORA-2019-6cfd17b03d, openSUSE-SU-2019:0194-1, PMASA-2019-2, VIGILANCE-VUL-28377.

Description of the vulnerability

The phpMyAdmin product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection via Username of phpMyAdmin, in order to read or alter data.

cybersecurity bulletin CVE-2019-6799

phpMyAdmin: file reading via AllowArbitraryServer

Synthesis of the vulnerability

A local attacker can read a file via AllowArbitraryServer of phpMyAdmin, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 28/01/2019.
Identifiers: CVE-2019-6799, DLA-1692-1, FEDORA-2019-09ae31d880, FEDORA-2019-6cfd17b03d, openSUSE-SU-2019:0194-1, PMASA-2019-1, VIGILANCE-VUL-28376.

computer weakness CVE-2018-19968 CVE-2018-19969 CVE-2018-19970

phpMyAdmin: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/12/2018.
Identifiers: CVE-2018-19968, CVE-2018-19969, CVE-2018-19970, DLA-1658-1, FEDORA-2018-088802878a, FEDORA-2018-5aeca60933, openSUSE-SU-2018:4124-1, openSUSE-SU-2018:4125-1, PMASA-2018-6, PMASA-2018-7, PMASA-2018-8, VIGILANCE-VUL-28001.

cybersecurity weakness CVE-2018-15605

phpMyAdmin: Cross Site Scripting via File Import Warning Messages

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/08/2018.
Identifiers: CERTFR-2018-AVI-404, CVE-2018-15605, FEDORA-2018-f2b24ce26e, openSUSE-SU-2018:2523-1, openSUSE-SU-2018:2525-1, openSUSE-SU-2018:2525-2, PMASA-2018-5, VIGILANCE-VUL-27059.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, it does not filter data received via warning messages before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.

threat note CVE-2018-12613

phpMyAdmin: code execution via File Inclusion

Synthesis of the vulnerability

An attacker can use a vulnerability via File Inclusion of phpMyAdmin, in order to run code.
Severity: 3/4.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12613, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-4, VIGILANCE-VUL-26500.

computer vulnerability CVE-2018-12581

phpMyAdmin: Cross Site Scripting via Designer Feature

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12581, FEDORA-2018-68349e3094, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-3, VIGILANCE-VUL-26499.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, it does not filter data received via the Designer feature before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.

computer weakness announce CVE-2018-10188

phpMyAdmin: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 19/04/2018.
Identifiers: CVE-2018-10188, openSUSE-SU-2018:1058-1, openSUSE-SU-2018:1059-1, PMASA-2018-2, VIGILANCE-VUL-25934.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.