cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-22452,https://securityvulnerability.io/vulnerability/CVE-2020-22452,SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin,"An SQL Injection vulnerability exists in the getTableCreationQuery function within CreateAddField.php in phpMyAdmin versions 5.x prior to 5.2.0. Attackers can exploit this vulnerability using malformed tbl_storage_engine or tbl_collation parameters, potentially allowing unauthorized database access or manipulation. It is essential for users of affected versions to update to the latest release to mitigate this risk.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0015300000086426735,false,,false,false,false,,,false,false,,2023-01-26T00:00:00.000Z,0
CVE-2022-0813,https://securityvulnerability.io/vulnerability/CVE-2022-0813,PhpMyAdmin exposure of sensitive information,"PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.","phpMyAdmin ","phpMyAdmin ",7.5,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2022-03-10T17:44:00.000Z,0
CVE-2020-22278,https://securityvulnerability.io/vulnerability/CVE-2020-22278,CSV Injection Vulnerability in phpMyAdmin by phpMyAdmin Development Team,"A vulnerability exists in phpMyAdmin versions up to 5.0.2 that allows for the execution of CSV injection attacks via the Export Section. Attackers can manipulate the CSV file output, potentially leading to unauthorized command execution in the context of the user opening the file. Although the vendor asserts that the generated CSV file accurately reflects the database contents, the risk of CSV injection must be addressed to ensure user safety and data integrity.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.005960000213235617,false,,false,false,false,,,false,false,,2020-11-04T16:52:26.000Z,0
CVE-2020-26935,https://securityvulnerability.io/vulnerability/CVE-2020-26935,SQL Injection Vulnerability in phpMyAdmin Search Feature,"A vulnerability exists in the SearchController of phpMyAdmin prior to version 4.9.6 and versions 5.x before 5.0.3, allowing attackers to execute arbitrary SQL queries via crafted input in the search feature. This flaw can lead to unauthorized access to sensitive data, integrity compromise, and other potentially harmful operations, making it crucial to address the security aspect of phpMyAdmin installations.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.022989999502897263,false,,false,false,false,,,false,false,,2020-10-10T18:26:53.000Z,0
CVE-2020-10802,https://securityvulnerability.io/vulnerability/CVE-2020-10802,SQL Injection Vulnerability in phpMyAdmin Affecting Multiple Versions,"A vulnerability has been identified in phpMyAdmin versions prior to 4.9.5 and 5.0.2, allowing attackers to exploit improperly escaped parameters when executing search queries. This exploitation occurs within the TableSearchController component, enabling an attacker to craft malicious database or table names. Users executing certain search operations on these compromised databases or tables are at risk of having their commands manipulated, potentially leading to unauthorized data access.",PHPmyadmin,PHPmyadmin,8,HIGH,0.005210000090301037,false,,false,false,false,,,false,false,,2020-03-22T03:48:33.000Z,0
CVE-2020-10804,https://securityvulnerability.io/vulnerability/CVE-2020-10804,SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin Team,"A SQL injection vulnerability exists in phpMyAdmin versions prior to 4.9.5 and 5.0.2, specifically within the processes that retrieve the current username. This flaw enables a malicious user with server access to craft a particular username designed to exploit user account actions. If a victim interacts with this compromised account, they could inadvertently alter the user’s privileges, leading to unauthorized access or privilege escalation.",PHPmyadmin,PHPmyadmin,8,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2020-03-22T03:47:59.000Z,0
CVE-2020-5504,https://securityvulnerability.io/vulnerability/CVE-2020-5504,SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin Project,"In versions prior to 4.9.4 for phpMyAdmin 4 and 5.0.1 for phpMyAdmin 5, an SQL injection vulnerability exists on the user accounts page. This flaw allows an attacker with a valid MySQL account to inject malicious SQL statements by altering their username input when querying the user accounts. Such exploitation could lead to unauthorized access or manipulation of sensitive data within the database.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.0022499999031424522,false,,false,false,true,2021-11-14T14:54:04.000Z,true,false,false,,2020-01-09T21:56:22.000Z,0
CVE-2019-19617,https://securityvulnerability.io/vulnerability/CVE-2019-19617,Exposed Git Information in phpMyAdmin Affects Versions Prior to 4.9.2,"Versions of phpMyAdmin prior to 4.9.2 are susceptible to a vulnerability where certain Git information is not adequately escaped. This issue relates to the files libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php, potentially allowing attackers to exploit exposed Git data.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0037499999161809683,false,,false,false,false,,,false,false,,2019-12-06T02:45:14.000Z,0
CVE-2019-18622,https://securityvulnerability.io/vulnerability/CVE-2019-18622,SQL Injection Risk in phpMyAdmin Versions Prior to 4.9.2,"An issue in phpMyAdmin, a widely used database management tool, allows for a SQL injection attack through its designer feature. By crafting a specific database or table name, an attacker may execute arbitrary SQL queries. This vulnerability poses a significant risk to database integrity and data confidentiality for users operating versions prior to 4.9.2.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.005960000213235617,false,,false,false,false,,,false,false,,2019-11-22T20:32:52.000Z,0
CVE-2019-11768,https://securityvulnerability.io/vulnerability/CVE-2019-11768,SQL Injection Vulnerability in phpMyAdmin Software by phpMyAdmin Team,"In versions of phpMyAdmin prior to 4.9.0.1, a vulnerability was found that allows attackers to exploit a specially crafted database name, leading to an SQL injection through the designer feature. This issue can enable unauthorized access or manipulation of the database, posing a significant risk to data integrity and confidentiality. Users should update to the latest version to mitigate this vulnerability.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.008150000125169754,false,,false,false,false,,,false,false,,2019-06-05T04:25:10.000Z,0
CVE-2019-6798,https://securityvulnerability.io/vulnerability/CVE-2019-6798,,An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.,PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0032999999821186066,false,,false,false,false,,,false,false,,2019-01-26T17:00:00.000Z,0
CVE-2018-19969,https://securityvulnerability.io/vulnerability/CVE-2018-19969,,"phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.0026400000788271427,false,,false,false,false,,,false,false,,2018-12-11T17:00:00.000Z,0
CVE-2018-12613,https://securityvulnerability.io/vulnerability/CVE-2018-12613,,"An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the ""$cfg['AllowArbitraryServer'] = true"" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the ""$cfg['ServerDefault'] = 0"" case (which bypasses the login requirement and runs the vulnerable code without any authentication).",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.9732400178909302,false,,false,false,true,2020-02-19T05:41:11.000Z,true,false,false,,2018-06-21T20:00:00.000Z,0
CVE-2017-18264,https://securityvulnerability.io/vulnerability/CVE-2017-18264,,"An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.001990000018849969,false,,false,false,false,,,false,false,,2018-05-01T17:00:00.000Z,0
CVE-2018-10188,https://securityvulnerability.io/vulnerability/CVE-2018-10188,,"phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.005630000028759241,false,,false,false,false,,,false,false,,2018-04-19T14:00:00.000Z,0
CVE-2017-1000499,https://securityvulnerability.io/vulnerability/CVE-2017-1000499,,"phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.7656400203704834,false,,false,false,true,2019-01-05T16:33:08.000Z,true,false,false,,2018-01-03T14:00:00.000Z,0
CVE-2017-1000016,https://securityvulnerability.io/vulnerability/CVE-2017-1000016,,A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.,PHPmyadmin,PHPmyadmin,7.5,HIGH,0.0008200000156648457,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2017-1000014,https://securityvulnerability.io/vulnerability/CVE-2017-1000014,,"phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality",PHPmyadmin,PHPmyadmin,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2017-1000017,https://securityvulnerability.io/vulnerability/CVE-2017-1000017,,"phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2017-1000018,https://securityvulnerability.io/vulnerability/CVE-2017-1000018,,"phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name",PHPmyadmin,PHPmyadmin,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2017-07-17T13:18:00.000Z,0
CVE-2016-6621,https://securityvulnerability.io/vulnerability/CVE-2016-6621,,"The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.",PHPmyadmin,PHPmyadmin,8.6,HIGH,0.0016700000269338489,false,,false,false,false,,,false,false,,2017-01-31T19:00:00.000Z,0
CVE-2016-6631,https://securityvulnerability.io/vulnerability/CVE-2016-6631,,"An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",PHPmyadmin,PHPmyadmin,7.5,HIGH,0.007410000078380108,false,,false,false,false,,,false,false,,2016-12-11T02:00:00.000Z,0
CVE-2016-6617,https://securityvulnerability.io/vulnerability/CVE-2016-6617,,An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.,PHPmyadmin,PHPmyadmin,8.1,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2016-12-11T02:00:00.000Z,0
CVE-2016-9862,https://securityvulnerability.io/vulnerability/CVE-2016-9862,,An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.,PHPmyadmin,PHPmyadmin,7.5,HIGH,0.0014700000174343586,false,,false,false,false,,,false,false,,2016-12-11T02:00:00.000Z,0
CVE-2016-9866,https://securityvulnerability.io/vulnerability/CVE-2016-9866,,"An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0017099999822676182,false,,false,false,false,,,false,false,,2016-12-11T02:00:00.000Z,0