Bugs fixes in "phpmyadmin"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2018-19968 | An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker | 2020-11-19 |
| CVE | CVE-2020-10803 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XS | 2020-11-19 |
| CVE | CVE-2020-10802 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly esca | 2020-11-19 |
| CVE | CVE-2020-10804 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/class | 2020-11-19 |
| CVE | CVE-2020-5504 | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of | 2020-11-19 |
| CVE | CVE-2019-11768 | An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an | 2020-11-19 |
| CVE | CVE-2019-6798 | An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL inje | 2020-11-19 |
| CVE | CVE-2019-12616 | An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin u | 2020-11-19 |
| CVE | CVE-2018-19970 | In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafte | 2020-11-19 |
| CVE | CVE-2018-7260 | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary w | 2020-11-19 |
| CVE | CVE-2020-26935 | An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpM | 2020-11-19 |
| CVE | CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 2020-11-19 |
| CVE | CVE-2016-6631 | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI appli | 2018-08-30 |
| CVE | CVE-2016-6606 | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This ca | 2018-08-30 |
| CVE | CVE-2016-6631 | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI appli | 2018-08-30 |
| CVE | CVE-2016-6606 | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This ca | 2018-08-30 |
| CVE | CVE-2016-6631 | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI appli | 2018-08-30 |
| CVE | CVE-2016-6606 | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This ca | 2018-08-30 |
| CVE | CVE-2016-6631 | An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI appli | 2018-08-30 |
| CVE | CVE-2016-6606 | An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This ca | 2018-08-30 |
About
-
Send Feedback to @ubuntu_updates
