cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24529,https://securityvulnerability.io/vulnerability/CVE-2025-24529,XSS Vulnerability in phpMyAdmin Affects Multiple Versions by phpMyAdmin,"A Cross-Site Scripting (XSS) vulnerability has been identified in phpMyAdmin versions prior to 5.2.2, specifically affecting the Insert tab. This flaw can be exploited by attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data exposure. It's crucial for users of affected versions to apply the latest updates to mitigate risks associated with this vulnerability.",PHPmyadmin,PHPmyadmin,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T00:00:00.000Z,0
CVE-2025-24530,https://securityvulnerability.io/vulnerability/CVE-2025-24530,XSS Vulnerability in phpMyAdmin Affects Multiple Versions,"A Cross-Site Scripting (XSS) vulnerability has been identified in phpMyAdmin versions prior to 5.2.2, specifically within the check tables feature. Attackers can exploit this weakness by utilizing specially crafted table or database names, potentially leading to unauthorized access or manipulation. It is crucial for users of affected versions to upgrade to the latest release to mitigate the risk associated with this vulnerability.",PHPmyadmin,PHPmyadmin,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T00:00:00.000Z,0
CVE-2023-25727,https://securityvulnerability.io/vulnerability/CVE-2023-25727,Cross-Site Scripting Vulnerability in phpMyAdmin by phpMyAdmin Development Team,"In phpMyAdmin versions prior to 4.9.11 and 5.2.1, an authenticated user may exploit a vulnerability by uploading a specially crafted .sql file via the drag-and-drop feature. This can lead to cross-site scripting (XSS) issues, allowing attackers to execute malicious scripts in the context of the user's session. This vulnerability highlights the importance of keeping phpMyAdmin updated and properly reviewing uploaded files to mitigate security risks.",PHPmyadmin,PHPmyadmin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-13T00:00:00.000Z,0
CVE-2020-22452,https://securityvulnerability.io/vulnerability/CVE-2020-22452,SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin,"An SQL Injection vulnerability exists in the getTableCreationQuery function within CreateAddField.php in phpMyAdmin versions 5.x prior to 5.2.0. Attackers can exploit this vulnerability using malformed tbl_storage_engine or tbl_collation parameters, potentially allowing unauthorized database access or manipulation. It is essential for users of affected versions to update to the latest release to mitigate this risk.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0015300000086426735,false,,false,false,false,,,false,false,,2023-01-26T00:00:00.000Z,0
CVE-2022-0813,https://securityvulnerability.io/vulnerability/CVE-2022-0813,PhpMyAdmin exposure of sensitive information,"PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.","phpMyAdmin ","phpMyAdmin ",7.5,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2022-03-10T17:44:00.000Z,0
CVE-2022-23808,https://securityvulnerability.io/vulnerability/CVE-2022-23808,Cross-Site Scripting and HTML Injection in phpMyAdmin by phpMyAdmin Project,"A vulnerability exists in phpMyAdmin versions prior to 5.1.2 that allows attackers to inject malicious code through the setup script. This can lead to Cross-Site Scripting (XSS) or HTML injection, compromising the integrity of the system and potentially exposing sensitive data. Proper validation and sanitization of inputs are essential to mitigate this risk and protect phpMyAdmin installations.",PHPmyadmin,PHPmyadmin,6.1,MEDIUM,0.05339999869465828,false,,false,false,true,2022-02-01T17:02:03.000Z,true,false,false,,2022-01-22T00:00:00.000Z,0
CVE-2022-23807,https://securityvulnerability.io/vulnerability/CVE-2022-23807,Two-Factor Authentication Bypass in phpMyAdmin by phpMyAdmin,"A security issue has been identified in phpMyAdmin affecting versions prior to 4.9.8 and 5.1.2. This vulnerability permits a valid authenticated user to manipulate their account settings, allowing them to bypass the two-factor authentication mechanism in future login attempts. Such a security flaw can expose sensitive user data and compromise overall system integrity if exploited. Users are advised to update to the latest versions to mitigate potential risks.",PHPmyadmin,PHPmyadmin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-01-22T00:00:00.000Z,0
CVE-2020-22278,https://securityvulnerability.io/vulnerability/CVE-2020-22278,CSV Injection Vulnerability in phpMyAdmin by phpMyAdmin Development Team,"A vulnerability exists in phpMyAdmin versions up to 5.0.2 that allows for the execution of CSV injection attacks via the Export Section. Attackers can manipulate the CSV file output, potentially leading to unauthorized command execution in the context of the user opening the file. Although the vendor asserts that the generated CSV file accurately reflects the database contents, the risk of CSV injection must be addressed to ensure user safety and data integrity.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.005960000213235617,false,,false,false,false,,,false,false,,2020-11-04T16:52:26.000Z,0
CVE-2020-26934,https://securityvulnerability.io/vulnerability/CVE-2020-26934,Cross-Site Scripting in phpMyAdmin Affects Multiple Versions,"The vulnerability allows for Cross-Site Scripting (XSS) through the transformation feature of phpMyAdmin when crafted links are used. Attackers can exploit this flaw to execute arbitrary scripts in the context of a victim's browser session, potentially compromising sensitive information or user sessions.",PHPmyadmin,PHPmyadmin,6.1,MEDIUM,0.004379999823868275,false,,false,false,false,,,false,false,,2020-10-10T18:27:11.000Z,0
CVE-2020-26935,https://securityvulnerability.io/vulnerability/CVE-2020-26935,SQL Injection Vulnerability in phpMyAdmin Search Feature,"A vulnerability exists in the SearchController of phpMyAdmin prior to version 4.9.6 and versions 5.x before 5.0.3, allowing attackers to execute arbitrary SQL queries via crafted input in the search feature. This flaw can lead to unauthorized access to sensitive data, integrity compromise, and other potentially harmful operations, making it crucial to address the security aspect of phpMyAdmin installations.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.022989999502897263,false,,false,false,false,,,false,false,,2020-10-10T18:26:53.000Z,0
CVE-2020-11441,https://securityvulnerability.io/vulnerability/CVE-2020-11441,CRLF Injection Vulnerability in phpMyAdmin by phpMyAdmin Team,"A CRLF injection vulnerability exists in phpMyAdmin 5.0.2, allowing malicious users to manipulate input fields in the login form. This can lead to unintended reflection of CRLF sequences on the error page, potentially enabling attackers to craft misleading responses. The vendor acknowledges the issue but has indicated that specific exploitable conditions are not evident. Proper validation and sanitization of user input are essential to mitigate this type of vulnerability.",PHPmyadmin,PHPmyadmin,6.1,MEDIUM,0.003370000049471855,false,,false,false,false,,,false,false,,2020-03-31T16:50:23.000Z,0
CVE-2020-10802,https://securityvulnerability.io/vulnerability/CVE-2020-10802,SQL Injection Vulnerability in phpMyAdmin Affecting Multiple Versions,"A vulnerability has been identified in phpMyAdmin versions prior to 4.9.5 and 5.0.2, allowing attackers to exploit improperly escaped parameters when executing search queries. This exploitation occurs within the TableSearchController component, enabling an attacker to craft malicious database or table names. Users executing certain search operations on these compromised databases or tables are at risk of having their commands manipulated, potentially leading to unauthorized data access.",PHPmyadmin,PHPmyadmin,8,HIGH,0.005210000090301037,false,,false,false,false,,,false,false,,2020-03-22T03:48:33.000Z,0
CVE-2020-10803,https://securityvulnerability.io/vulnerability/CVE-2020-10803,SQL Injection in phpMyAdmin Versions by phpMyAdmin,"A SQL injection vulnerability exists in phpMyAdmin versions prior to 4.9.5 and 5.0.2 that can lead to potential XSS exploitation. This vulnerability occurs when an attacker is able to insert malicious code into specific database tables. If this crafted data is retrieved, particularly through the Browse tab in the application, it can result in executing unintended scripts in the user's browser environment. This highlight emphasizes the importance of maintaining updated versions of phpMyAdmin to mitigate the associated security risks.",PHPmyadmin,PHPmyadmin,5.4,MEDIUM,0.0017399999778717756,false,,false,false,false,,,false,false,,2020-03-22T03:48:16.000Z,0
CVE-2020-10804,https://securityvulnerability.io/vulnerability/CVE-2020-10804,SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin Team,"A SQL injection vulnerability exists in phpMyAdmin versions prior to 4.9.5 and 5.0.2, specifically within the processes that retrieve the current username. This flaw enables a malicious user with server access to craft a particular username designed to exploit user account actions. If a victim interacts with this compromised account, they could inadvertently alter the user’s privileges, leading to unauthorized access or privilege escalation.",PHPmyadmin,PHPmyadmin,8,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2020-03-22T03:47:59.000Z,0
CVE-2020-5504,https://securityvulnerability.io/vulnerability/CVE-2020-5504,SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin Project,"In versions prior to 4.9.4 for phpMyAdmin 4 and 5.0.1 for phpMyAdmin 5, an SQL injection vulnerability exists on the user accounts page. This flaw allows an attacker with a valid MySQL account to inject malicious SQL statements by altering their username input when querying the user accounts. Such exploitation could lead to unauthorized access or manipulation of sensitive data within the database.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.0022499999031424522,false,,false,false,true,2021-11-14T14:54:04.000Z,true,false,false,,2020-01-09T21:56:22.000Z,0
CVE-2019-19617,https://securityvulnerability.io/vulnerability/CVE-2019-19617,Exposed Git Information in phpMyAdmin Affects Versions Prior to 4.9.2,"Versions of phpMyAdmin prior to 4.9.2 are susceptible to a vulnerability where certain Git information is not adequately escaped. This issue relates to the files libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php, potentially allowing attackers to exploit exposed Git data.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0037499999161809683,false,,false,false,false,,,false,false,,2019-12-06T02:45:14.000Z,0
CVE-2019-18622,https://securityvulnerability.io/vulnerability/CVE-2019-18622,SQL Injection Risk in phpMyAdmin Versions Prior to 4.9.2,"An issue in phpMyAdmin, a widely used database management tool, allows for a SQL injection attack through its designer feature. By crafting a specific database or table name, an attacker may execute arbitrary SQL queries. This vulnerability poses a significant risk to database integrity and data confidentiality for users operating versions prior to 4.9.2.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.005960000213235617,false,,false,false,false,,,false,false,,2019-11-22T20:32:52.000Z,0
CVE-2019-12922,https://securityvulnerability.io/vulnerability/CVE-2019-12922,CSRF Vulnerability in phpMyAdmin Affects Server Deletion,"A Cross-Site Request Forgery (CSRF) vulnerability exists in phpMyAdmin version 4.9.0.1 that enables unauthorized users to delete any server from the Setup page. This security flaw can be exploited if a user is tricked into making an unintended request while being authenticated in phpMyAdmin. Effective security measures, such as implementing anti-CSRF tokens, are crucial to protect against such attacks and ensure the integrity of server configurations.",PHPmyadmin,PHPmyadmin,6.5,MEDIUM,0.8069400191307068,false,,false,false,false,,,false,false,,2019-09-13T12:27:04.000Z,0
CVE-2019-12616,https://securityvulnerability.io/vulnerability/CVE-2019-12616,Cross-Site Request Forgery Vulnerability in phpMyAdmin,"A vulnerability in phpMyAdmin prior to version 4.9.0 enables attackers to carry out Cross-Site Request Forgery (CSRF) attacks. By leveraging malicious tactics, such as embedding a deceptive tag, an attacker can entice a victim to access a compromised link. This exploitation can lead to unauthorized database manipulations, for instance allowing the attacker to execute harmful SQL commands like INSERT or DELETE against the victim's phpMyAdmin account, potentially compromising sensitive data and system integrity.",PHPmyadmin,PHPmyadmin,6.5,MEDIUM,0.00953999999910593,false,,false,false,true,2024-06-03T00:50:16.000Z,true,false,false,,2019-06-05T04:27:12.000Z,0
CVE-2019-11768,https://securityvulnerability.io/vulnerability/CVE-2019-11768,SQL Injection Vulnerability in phpMyAdmin Software by phpMyAdmin Team,"In versions of phpMyAdmin prior to 4.9.0.1, a vulnerability was found that allows attackers to exploit a specially crafted database name, leading to an SQL injection through the designer feature. This issue can enable unauthorized access or manipulation of the database, posing a significant risk to data integrity and confidentiality. Users should update to the latest version to mitigate this vulnerability.",PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.008150000125169754,false,,false,false,false,,,false,false,,2019-06-05T04:25:10.000Z,0
CVE-2019-6799,https://securityvulnerability.io/vulnerability/CVE-2019-6799,,"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of ""options(MYSQLI_OPT_LOCAL_INFILE"" calls.",PHPmyadmin,PHPmyadmin,5.9,MEDIUM,0.08878999948501587,false,,false,false,false,,,false,false,,2019-01-26T17:00:00.000Z,0
CVE-2019-6798,https://securityvulnerability.io/vulnerability/CVE-2019-6798,,An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.,PHPmyadmin,PHPmyadmin,9.8,CRITICAL,0.0032999999821186066,false,,false,false,false,,,false,false,,2019-01-26T17:00:00.000Z,0
CVE-2018-19970,https://securityvulnerability.io/vulnerability/CVE-2018-19970,,"In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.",PHPmyadmin,PHPmyadmin,6.1,MEDIUM,0.03804999962449074,false,,false,false,false,,,false,false,,2018-12-11T17:00:00.000Z,0
CVE-2018-19969,https://securityvulnerability.io/vulnerability/CVE-2018-19969,,"phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.",PHPmyadmin,PHPmyadmin,8.8,HIGH,0.0026400000788271427,false,,false,false,false,,,false,false,,2018-12-11T17:00:00.000Z,0
CVE-2018-19968,https://securityvulnerability.io/vulnerability/CVE-2018-19968,,"An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.",PHPmyadmin,PHPmyadmin,6.5,MEDIUM,0.14675000309944153,false,,false,false,false,,,false,false,,2018-12-11T17:00:00.000Z,0