| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of phpMyAdmin
phpMyAdmin: Cross Site Request Forgery via the "servers" page
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery via servers of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 13/09/2019.
Identifiers: CVE-2019-12922, FEDORA-2019-3b5a7abe17, FEDORA-2019-6404181bf9, openSUSE-SU-2019:2211-1, VIGILANCE-VUL-30329.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can trigger a Cross Site Request Forgery via servers of phpMyAdmin, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: Cross Site Request Forgery via Login Form
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery via Login Form of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-249, CVE-2019-12616, DLA-1821-1, FEDORA-2019-13d2ba0aed, FEDORA-2019-33649e2e64, openSUSE-SU-2019:1689-1, openSUSE-SU-2019:1861-1, PMASA-2019-4, TYPO3-EXT-SA-2019-014, VIGILANCE-VUL-29465.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can trigger a Cross Site Request Forgery via Login Form of phpMyAdmin, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: SQL injection via Username
Synthesis of the vulnerability
An attacker can use a SQL injection via Username of phpMyAdmin, in order to read or alter data.
Severity: 3/4.
Creation date: 28/01/2019.
Identifiers: CVE-2019-6798, FEDORA-2019-09ae31d880, FEDORA-2019-6cfd17b03d, openSUSE-SU-2019:0194-1, PMASA-2019-2, VIGILANCE-VUL-28377.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The phpMyAdmin product uses a database.
However, user's data are directly inserted in a SQL query.
An attacker can therefore use a SQL injection via Username of phpMyAdmin, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of phpMyAdmin.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/12/2018.
Identifiers: CVE-2018-19968, CVE-2018-19969, CVE-2018-19970, DLA-1658-1, FEDORA-2018-088802878a, FEDORA-2018-5aeca60933, openSUSE-SU-2018:4124-1, openSUSE-SU-2018:4125-1, PMASA-2018-6, PMASA-2018-7, PMASA-2018-8, VIGILANCE-VUL-28001.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can use several vulnerabilities of phpMyAdmin.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: Cross Site Scripting via File Import Warning Messages
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/08/2018.
Identifiers: CERTFR-2018-AVI-404, CVE-2018-15605, FEDORA-2018-f2b24ce26e, openSUSE-SU-2018:2523-1, openSUSE-SU-2018:2525-1, openSUSE-SU-2018:2525-2, PMASA-2018-5, VIGILANCE-VUL-27059.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, it does not filter received data via warning messages before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via File Import Warning Messages of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: Cross Site Scripting via Designer Feature
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 22/06/2018.
Identifiers: CERTFR-2018-AVI-300, CVE-2018-12581, FEDORA-2018-68349e3094, openSUSE-SU-2018:1806-1, openSUSE-SU-2018:1809-1, PMASA-2018-3, VIGILANCE-VUL-26499.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, it does not filter received data via Designer Feature before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Designer Feature of phpMyAdmin, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
phpMyAdmin: Cross Site Request Forgery
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 19/04/2018.
Identifiers: CVE-2018-10188, openSUSE-SU-2018:1058-1, openSUSE-SU-2018:1059-1, PMASA-2018-2, VIGILANCE-VUL-25934.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The phpMyAdmin product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about phpMyAdmin:
|