Madhura Jayaratne

4 exploits, active since May 2015
CVE-2015-3902 WRITEUP
phpMyAdmin <4.0.10.10-4.4.6.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.
CVE-2015-3903 WRITEUP
phpMyAdmin <4.0.10.10-4.4.6.1 - XSS
libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2018-15605 MEDIUM WRITEUP
phpMyAdmin < 4.8.3 - XSS
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
CVSS 6.1
CVE-2018-7260 MEDIUM WRITEUP
phpMyAdmin < 4.7.8 - XSS
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVSS 5.4