linuxserver/phpmyadmin
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 4.9.11, >= 5.0.0, < 5.2.1 | 5.4 MEDIUM | — | ||
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | ||||
| >= 5.0.0, < 5.2.0 | 9.8 CRITICAL | — | ||
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. | ||||
| <= 5.1.1 | 5.3 MEDIUM | 5 MEDIUM | ||
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section. | ||||
| >= 4.9.0, < 4.9.8, >= 5.1.0, < 5.1.2 | 4.3 MEDIUM | 4 MEDIUM | ||
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | ||||
| >= 5.1.0, < 5.1.2 | 6.1 MEDIUM | 4.3 MEDIUM | ||
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection. | ||||