Known Vulnerabilities for products from Phpmyadmin
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Phpmyadmin".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23808 | An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup scrip... | 6.1 - MEDIUM | 2022-01-22 | 2023-11-26 |
| CVE-2022-23807 | An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to php... | 4.3 - MEDIUM | 2022-01-22 | 2023-11-26 |
| CVE-2020-26935 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability wa... | 9.8 - CRITICAL | 2020-10-10 | 2023-11-07 |
| CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 6.1 - MEDIUM | 2020-10-10 | 2023-11-07 |
| CVE-2020-22452 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-01-26 | 2023-02-01 |
| CVE-2020-22278 | ** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the ... | 8.8 - HIGH | 2020-11-04 | 2023-11-07 |
| CVE-2020-11441 | ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields caus... | 6.1 - MEDIUM | 2020-03-31 | 2023-11-07 |
| CVE-2020-10804 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current user... | 8 - HIGH | 2020-03-22 | 2023-11-07 |
| CVE-2020-10803 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could ... | 5.4 - MEDIUM | 2020-03-22 | 2023-11-07 |
| CVE-2020-10802 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain paramete... | 8 - HIGH | 2020-03-22 | 2023-11-07 |
| CVE-2020-5504 | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could injec... | 8.8 - HIGH | 2020-01-09 | 2020-11-10 |
| CVE-2019-19617 | phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and lib... | 9.8 - CRITICAL | 2019-12-06 | 2020-11-10 |
| CVE-2019-18622 | An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection atta... | 9.8 - CRITICAL | 2019-11-22 | 2023-11-07 |
| CVE-2019-12922 | A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. | 6.5 - MEDIUM | 2019-09-13 | 2023-11-07 |
| CVE-2019-12616 | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attac... | 6.5 - MEDIUM | 2019-06-05 | 2023-11-07 |
| CVE-2019-11768 | An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name ca... | 9.8 - CRITICAL | 2019-06-05 | 2023-11-07 |
| CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with ... | 5.9 - MEDIUM | 2019-01-26 | 2020-08-24 |
| CVE-2019-6798 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be us... | 9.8 - CRITICAL | 2019-01-26 | 2019-01-28 |
| CVE-2018-19970 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to... | 6.1 - MEDIUM | 2018-12-11 | 2019-04-22 |
| CVE-2018-19969 | phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking ... | 8.8 - HIGH | 2018-12-11 | 2019-04-22 |
Known software with vulnerabilities from Phpmyadmin
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Phpmyadmin | Phpmyadmin | 0.9.0 |