Bugs fixes in "phpmyadmin"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2023-25727 | In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop in | 2023-08-23 |
| Launchpad | 2016018 | XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1) | 2023-08-23 |
| Launchpad | 2016015 | Add PHP 8 support on Apache2 conf | 2023-08-23 |
| Launchpad | 2016016 | Require PHP \u003e= 8.0 due to Symfony stack incompatibilities | 2023-08-23 |
| Launchpad | 2016016 | Require PHP \u003e= 8.0 due to Symfony stack incompatibilities | 2023-08-10 |
| Launchpad | 2016016 | Require PHP \u003e= 8.0 due to Symfony stack incompatibilities | 2023-05-19 |
| CVE | CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL | 2020-11-19 |
| CVE | CVE-2018-19968 | An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker | 2020-11-19 |
| CVE | CVE-2020-10803 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XS | 2020-11-19 |
| CVE | CVE-2020-10802 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly esca | 2020-11-19 |
| CVE | CVE-2020-10804 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/class | 2020-11-19 |
| CVE | CVE-2020-5504 | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of | 2020-11-19 |
| CVE | CVE-2019-11768 | An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an | 2020-11-19 |
| CVE | CVE-2019-6798 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL inje | 2020-11-19 |
| CVE | CVE-2019-12616 | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin u | 2020-11-19 |
| CVE | CVE-2018-19970 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafte | 2020-11-19 |
| CVE | CVE-2018-7260 | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary w | 2020-11-19 |
| CVE | CVE-2020-26935 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpM | 2020-11-19 |
| CVE | CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 2020-11-19 |
| CVE | CVE-2019-6799 | An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL | 2020-11-19 |
About
-
Send Feedback to @ubuntu_updates
