William Desportes

Pesquisador dephpMyAdmin team
#9043de 53,635
30.2CVSS total
Vulnerabilidades · 4
Média
2
Crítica
2
PT-2022-16278
4.3
2020-01-16
Unknown · Phpmyadmin · CVE-2022-23807
**Nome do software vulnerável e versões afetadas** Versões 4.9 a 4.9.7 do phpMyAdmin Versões 5.1 a 5.1.1 do phpMyAdmin **Descrição** Um usuário válido que já esteja autenticado no phpMyAdmin pode manipular sua conta para contornar a autenticação de dois fatores em futuros acessos. Este problema está relacionado à forma como o phpMyAdmin processa a autenticação de dois fatores. **Recomendações** Para as versões 4.9 a 4.9.7 do phpMyAdmin, atualize para a versão 4.9.8 ou posterior para resolver o problema. Para as versões 5.1 a 5.1.1 do phpMyAdmin, atualize para a versão 5.1.2 ou posterior para resolver o problema.
PT-2019-15539
9.8
2019-11-22
Php · Phpmyadmin · CVE-2019-18622
**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.9.2 **Description** A SQL injection attack can be triggered through the designer feature by using a crafted database or table name. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.
PT-2019-5541
10
2019-06-05
Phpmyadmin · Phpmyadmin · CVE-2019-11768
**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.9.0.1 **Description** The issue is related to a specially crafted database name that can trigger an SQL injection attack through the designer feature. This is due to the lack of protection measures for the SQL query structure in the designer feature, specifically in the move.js file. An attacker can exploit this to execute arbitrary code remotely. **Recommendations** For versions prior to 4.9.0.1, update to version 4.9.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the designer feature until a patch is available. Restrict access to the move.js file to minimize the risk of exploitation. Avoid using specially crafted database names in the affected feature until the issue is resolved.
PT-2018-11267
6.1
2018-06-21
Phpmyadmin · Phpmyadmin · CVE-2018-12581
**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 4.8.2 **Description** A Cross-Site Scripting issue has been found where an attacker can use a crafted database name to trigger an attack when that database is referenced from the Designer feature. The issue is related to the `js/designer/move.js` file. **Recommendations** For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Designer feature until the update is applied.