Search criteria
37 vulnerabilities found for phpMyAdmin by phpMyAdmin
CVE-2025-24530 (GCVE-0-2025-24530)
Vulnerability from cvelistv5 – Published: 2025-01-23 00:00 – Updated: 2025-11-03 19:44
VLAI?
Summary
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin |
Affected:
5.0.0 , < 5.2.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:00.369223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:09.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:51.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:35:25.047Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-1/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24530",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:51.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24529 (GCVE-0-2025-24529)
Vulnerability from cvelistv5 – Published: 2025-01-23 00:00 – Updated: 2025-11-03 19:44
VLAI?
Summary
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin |
Affected:
5.0.0 , < 5.2.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T15:02:51.479392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T15:02:59.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:44:49.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T05:34:02.560Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-24529",
"datePublished": "2025-01-23T00:00:00.000Z",
"dateReserved": "2025-01-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:44:49.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0813 (GCVE-0-2022-0813)
Vulnerability from cvelistv5 – Published: 2022-03-09 14:59 – Updated: 2024-09-16 23:51
VLAI?
Title
PhpMyAdmin exposure of sensitive information
Summary
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin |
Affected:
5.1.1 , ≤ 5.1.1
(custom)
|
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/"
},
{
"name": "GLSA-202311-17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpMyAdmin",
"vendor": "phpMyAdmin",
"versions": [
{
"lessThanOrEqual": "5.1.1",
"status": "affected",
"version": "5.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rafael Pedrero"
}
],
"datePublic": "2022-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T12:06:10.507Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information"
},
{
"url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/"
},
{
"name": "GLSA-202311-17",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-17"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been solved by the phpMyAdmin team in the 5.1.3 version."
}
],
"source": {
"defect": [
"INCIBE-2022-0636"
],
"discovery": "EXTERNAL"
},
"title": "PhpMyAdmin exposure of sensitive information",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-0813",
"datePublished": "2022-03-09T14:59:28.954Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:38.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-0051
Vulnerability from certfr_avis - Published: 2025-01-22 - Updated: 2025-01-22
De multiples vulnérabilités ont été découvertes dans PHPMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.x antérieurs à 5.2.2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.x ant\u00e9rieurs \u00e0 5.2.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
}
],
"initial_release_date": "2025-01-22T00:00:00",
"last_revision_date": "2025-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHPMyAdmin. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS) et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2025-3",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-3/"
},
{
"published_at": "2025-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2025-1",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-1/"
},
{
"published_at": "2025-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2025-2",
"url": "https://www.phpmyadmin.net/security/PMASA-2025-2/"
}
]
}
CERTFR-2023-AVI-0103
Vulnerability from certfr_avis - Published: 2023-02-08 - Updated: 2023-02-08
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.x antérieures à 5.2.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.3.0 à 4.9.x antérieures à 4.9.11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.x ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.3.0 \u00e0 4.9.x ant\u00e9rieures \u00e0 4.9.11",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2023-02-08T00:00:00",
"last_revision_date": "2023-02-08T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2023-1 du 07 f\u00e9vrier 2023",
"url": "https://www.phpmyadmin.net/security/PMASA-2023-1/"
}
]
}
CERTFR-2022-AVI-069
Vulnerability from certfr_avis - Published: 2022-01-24 - Updated: 2022-01-24
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.9.x antérieures à 4.9.8 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.1.x antérieures à 5.1.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.9.x ant\u00e9rieures \u00e0 4.9.8",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 5.1.x ant\u00e9rieures \u00e0 5.1.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23807"
},
{
"name": "CVE-2022-23808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23808"
}
],
"initial_release_date": "2022-01-24T00:00:00",
"last_revision_date": "2022-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-069",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2022-2 du 10 janvier 2022",
"url": "https://www.phpmyadmin.net/security/PMASA-2022-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2022-1 du 10 janvier 2022",
"url": "https://www.phpmyadmin.net/security/PMASA-2022-1"
}
]
}
CERTFR-2020-AVI-628
Vulnerability from certfr_avis - Published: 2020-10-12 - Updated: 2020-10-12
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.0.x versions antérieures à 5.0.3 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.9.x versions antérieures à 4.9.6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.0.x versions ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.9.x versions ant\u00e9rieures \u00e0 4.9.6",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-26935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26935"
},
{
"name": "CVE-2020-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26934"
}
],
"initial_release_date": "2020-10-12T00:00:00",
"last_revision_date": "2020-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS) et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-5 du 10 octobre 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-5/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-6 du 10 octobre 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-6/"
}
]
}
CERTFR-2020-AVI-167
Vulnerability from certfr_avis - Published: 2020-03-23 - Updated: 2020-03-23
De multiples vulnérabilités ont été découvertes dans phpMyAdmin . Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.9.x antérieures à 4.9.5 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.0.x antérieures à 5.0.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.9.x ant\u00e9rieures \u00e0 4.9.5",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-10804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10804"
},
{
"name": "CVE-2020-10802",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10802"
},
{
"name": "CVE-2020-10803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10803"
}
],
"initial_release_date": "2020-03-23T00:00:00",
"last_revision_date": "2020-03-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-3 du 20 mars 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-3/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-2 du 20 mars 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-2/"
}
],
"reference": "CERTFR-2020-AVI-167",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin . Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection\nde code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-3 du 20 mars 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-4 du 20 mars 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-4/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-2 du 20 mars 2020",
"url": null
}
]
}
CERTFR-2020-AVI-010
Vulnerability from certfr_avis - Published: 2020-01-08 - Updated: 2020-01-08
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 5.x antérieures à 5.0.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.9.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 5.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.9.4",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-5504",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5504"
}
],
"initial_release_date": "2020-01-08T00:00:00",
"last_revision_date": "2020-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-010",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2020-1 du 05 janvier 2020",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
}
]
}
CERTFR-2019-AVI-249
Vulnerability from certfr_avis - Published: 2019-06-06 - Updated: 2019-06-06
Une vulnérabilité a été découverte dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin toutes versions antérieures à 4.9.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin toutes versions ant\u00e9rieures \u00e0 4.9.0",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12616"
}
],
"initial_release_date": "2019-06-06T00:00:00",
"last_revision_date": "2019-06-06T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin. Elle permet \u00e0 un\nattaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2019-4 du 04 juin 2019",
"url": "https://www.phpmyadmin.net/security/PMASA-2019-4/"
}
]
}
CERTFR-2018-AVI-404
Vulnerability from certfr_avis - Published: 2018-08-23 - Updated: 2018-08-23
Une vulnérabilité a été découverte dans phpMyAdmin . Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.8.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-15605",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15605"
}
],
"initial_release_date": "2018-08-23T00:00:00",
"last_revision_date": "2018-08-23T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin . Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-5 du 21 ao\u00fbt 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-5/"
}
]
}
CERTFR-2018-AVI-300
Vulnerability from certfr_avis - Published: 2018-06-22 - Updated: 2018-06-22
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.8.2. |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.8.2.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12581",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12581"
},
{
"name": "CVE-2018-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12613"
}
],
"initial_release_date": "2018-06-22T00:00:00",
"last_revision_date": "2018-06-22T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-300",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-3 du 19 juin 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-3/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-4 du 19 juin 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-4/"
}
]
}
CERTFR-2018-AVI-093
Vulnerability from certfr_avis - Published: 2018-02-21 - Updated: 2018-02-21
Une vulnérabilité a été découverte dans phpMyAdmin . Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.7.x antérieures à 4.7.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.7.x ant\u00e9rieures \u00e0 4.7.8",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7260",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7260"
}
],
"initial_release_date": "2018-02-21T00:00:00",
"last_revision_date": "2018-02-21T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-093",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin . Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2018-1 du 20 f\u00e9vrier 2018",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-1/"
}
]
}
CERTFR-2018-AVI-001
Vulnerability from certfr_avis - Published: 2018-01-03 - Updated: 2018-01-03
Une vulnérabilité a été découverte dans phpMyAdmin . Elle permet à un attaquant de provoquer une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.7.x antérieures à 4.7.7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.7.x ant\u00e9rieures \u00e0 4.7.7",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-1000499",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000499"
}
],
"initial_release_date": "2018-01-03T00:00:00",
"last_revision_date": "2018-01-03T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans phpMyAdmin . Elle permet \u00e0 un\nattaquant de provoquer une injection de requ\u00eates ill\u00e9gitimes par rebond\n(CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2017-9 du 20 d\u00e9cembre 2017",
"url": "https://www.phpmyadmin.net/security/PMASA-2017-9/"
}
]
}
CERTFR-2016-AVI-390
Vulnerability from certfr_avis - Published: 2016-11-25 - Updated: 2016-11-25
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.0.X antérieures à 4.0.10.18 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.4.X antérieures à 4.4.15.19 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.6.X antérieures à 4.6.5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.0.X ant\u00e9rieures \u00e0 4.0.10.18",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.4.X ant\u00e9rieures \u00e0 4.4.15.19",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.6.X ant\u00e9rieures \u00e0 4.6.5",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-11-25T00:00:00",
"last_revision_date": "2016-11-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-68 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-68/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-67 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-67/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-62 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-62/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-63 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-63/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-65 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-65/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-70 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-70/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-69 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-69/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-64 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-64/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-71 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-71/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-66 du 25 novembre 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-66/"
}
],
"reference": "CERTFR-2016-AVI-390",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-11-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-66 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-63 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-67 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-62 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-71 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-68 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-70 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-65 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-64 du 25 novembre 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-69 du 25 novembre 2016",
"url": null
}
]
}
CERTFR-2016-AVI-077
Vulnerability from certfr_avis - Published: 2016-03-03 - Updated: 2016-03-03
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.5.x antérieures à 4.5.5.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.0.x antérieures à 4.0.10.15 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.4.x antérieures à 4.4.15.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.5.x ant\u00e9rieures \u00e0 4.5.5.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.0.x ant\u00e9rieures \u00e0 4.0.10.15",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.4.x ant\u00e9rieures \u00e0 4.4.15.5",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2561",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2561"
},
{
"name": "CVE-2016-2559",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2559"
},
{
"name": "CVE-2016-2560",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2560"
},
{
"name": "CVE-2016-2562",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2562"
}
],
"initial_release_date": "2016-03-03T00:00:00",
"last_revision_date": "2016-03-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-13 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-13/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-11 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-11/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-12 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-12/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-10 du 25 f\u00e9vrier 2016",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-10/"
}
],
"reference": "CERTFR-2016-AVI-077",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-13 du 25 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-12 du 25 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-10 du 25 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2016-11 du 25 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2015-AVI-450
Vulnerability from certfr_avis - Published: 2015-10-23 - Updated: 2015-10-23
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.5.x antérieures à 4.5.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.4.x antérieures à 4.4.15.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.5.x ant\u00e9rieures \u00e0 4.5.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.4.x ant\u00e9rieures \u00e0 4.4.15.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7873",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7873"
}
],
"initial_release_date": "2015-10-23T00:00:00",
"last_revision_date": "2015-10-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-5 du 23 octobre 2015",
"url": "https://www.phpmyadmin.net/security/PMASA-2015-5/"
}
],
"reference": "CERTFR-2015-AVI-450",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-5 du 23 octobre 2015",
"url": null
}
]
}
CERTFR-2015-AVI-390
Vulnerability from certfr_avis - Published: 2015-09-16 - Updated: 2015-09-16
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.3.13.2 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.4.14.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.3.13.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.4.14.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6830",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6830"
}
],
"initial_release_date": "2015-09-16T00:00:00",
"last_revision_date": "2015-09-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-4 du 08 septembre 2015",
"url": "https://www.phpmyadmin.net/security/PMASA-2015-4/"
}
],
"reference": "CERTFR-2015-AVI-390",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2015-4 du 08 septembre 2015",
"url": null
}
]
}
CERTFR-2015-AVI-226
Vulnerability from certfr_avis - Published: 2015-05-15 - Updated: 2015-05-15
De multiples vulnérabilités ont été corrigées dans PHPMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.2.x antérieures à 4.2.13.3 | ||
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.3.x antérieures à 4.3.13.1 | ||
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.4.x antérieures à 4.4.6.1 | ||
| phpMyAdmin | phpMyAdmin | PHPMyAdmin versions 4.0.x antérieures à 4.0.10.10 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHPMyAdmin versions 4.2.x ant\u00e9rieures \u00e0 4.2.13.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "PHPMyAdmin versions 4.3.x ant\u00e9rieures \u00e0 4.3.13.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "PHPMyAdmin versions 4.4.x ant\u00e9rieures \u00e0 4.4.6.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "PHPMyAdmin versions 4.0.x ant\u00e9rieures \u00e0 4.0.10.10",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-3902",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3902"
},
{
"name": "CVE-2015-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3903"
}
],
"initial_release_date": "2015-05-15T00:00:00",
"last_revision_date": "2015-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-226",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ePHPMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHPMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2015-2 du 13 mai 2015",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHPMyAdmin PMASA-2015-3 du 13 mai 2015",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php"
}
]
}
CERTFR-2014-AVI-506
Vulnerability from certfr_avis - Published: 2014-12-05 - Updated: 2014-12-05
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.1.14.8 | ||
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.0.10.7 | ||
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 4.2.13.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.1.14.8",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.0.10.7",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 4.2.13.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-9219",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9219"
},
{
"name": "CVE-2014-9218",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9218"
}
],
"initial_release_date": "2014-12-05T00:00:00",
"last_revision_date": "2014-12-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-18 du 03 d\u00e9cembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-17 du 03 d\u00e9cembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php"
}
],
"reference": "CERTFR-2014-AVI-506",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-17 du 03 d\u00e9cembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-18 du 03 d\u00e9cembre 2014",
"url": null
}
]
}
CERTFR-2014-AVI-494
Vulnerability from certfr_avis - Published: 2014-11-24 - Updated: 2014-11-24
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin branche 4.0.X versions antérieures à 4.0.10.6 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin branche 4.2.X versions antérieures à 4.1.12 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin branche 4.1.X versions antérieures à 4.1.14.7 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin branche 4.0.X versions ant\u00e9rieures \u00e0 4.0.10.6",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin branche 4.2.X versions ant\u00e9rieures \u00e0 4.1.12",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin branche 4.1.X versions ant\u00e9rieures \u00e0 4.1.14.7",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8959",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8959"
},
{
"name": "CVE-2014-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8961"
},
{
"name": "CVE-2014-8958",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8958"
},
{
"name": "CVE-2014-8960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8960"
}
],
"initial_release_date": "2014-11-24T00:00:00",
"last_revision_date": "2014-11-24T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-494",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection\nde code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-15 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-14 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-16 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-13 du 20 novembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php"
}
]
}
CERTFR-2014-AVI-386
Vulnerability from certfr_avis - Published: 2014-09-15 - Updated: 2014-09-15
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS) et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.0.10.3 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.2.8.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.1.14.4 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.0.10.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.2.8.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.1.14.4",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-6300",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6300"
}
],
"initial_release_date": "2014-09-15T00:00:00",
"last_revision_date": "2014-09-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-10 du 13 septembre 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php"
}
],
"reference": "CERTFR-2014-AVI-386",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS) et une\ninjection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-10 du 13 septembre 2014",
"url": null
}
]
}
CERTFR-2014-AVI-371
Vulnerability from certfr_avis - Published: 2014-09-03 - Updated: 2014-09-03
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.1.14.3 | ||
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.2.7.1 | ||
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 4.0.10.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.1.14.3",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.2.7.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 4.0.10.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-5273",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5273"
},
{
"name": "CVE-2014-5274",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5274"
}
],
"initial_release_date": "2014-09-03T00:00:00",
"last_revision_date": "2014-09-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-8 du 17 ao\u00fbt 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-9 du 17 ao\u00fbt 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php"
}
],
"reference": "CERTFR-2014-AVI-371",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-9 du 17 ao\u00fbt 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-8 du 17 ao\u00fbt 2014",
"url": null
}
]
}
CERTFR-2014-AVI-330
Vulnerability from certfr_avis - Published: 2014-07-21 - Updated: 2014-07-21
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.2.6 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.1.14.2 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions antérieures à 4.0.10.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.1.14.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions ant\u00e9rieures \u00e0 4.0.10.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4986",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4986"
},
{
"name": "CVE-2014-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4954"
},
{
"name": "CVE-2014-4955",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4955"
},
{
"name": "CVE-2014-4987",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4987"
}
],
"initial_release_date": "2014-07-21T00:00:00",
"last_revision_date": "2014-07-21T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-330",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS) et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-4 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-6 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-5 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PMASA-2014-7 du 21 juillet 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
}
]
}
CERTFR-2014-AVI-281
Vulnerability from certfr_avis - Published: 2014-06-23 - Updated: 2014-06-23
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.1.x antérieures à 4.1.14.1 | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 4.2.x antérieures à 4.2.4 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 4.1.x ant\u00e9rieures \u00e0 4.1.14.1",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 4.2.x ant\u00e9rieures \u00e0 4.2.4",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4348",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4348"
},
{
"name": "CVE-2014-4349",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4349"
}
],
"initial_release_date": "2014-06-23T00:00:00",
"last_revision_date": "2014-06-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-3 du 20 juin 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-2 du 20 juin 2014",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php"
}
],
"reference": "CERTFR-2014-AVI-281",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-2 du 20 juin 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2014-3 du 20 juin 2014",
"url": null
}
]
}
CERTA-2013-AVI-442
Vulnerability from certfr_avis - Published: 2013-07-29 - Updated: 2013-07-29
De multiples vulnérabilités ont été corrigées dans phpMyAdmin. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 4.0.4.2 | ||
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 3.5.8.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 4.0.4.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 3.5.8.2",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-07-29T00:00:00",
"last_revision_date": "2013-07-29T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-15 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-13 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-14 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-11 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-8 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-9 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-12 du 28 juillet 2013",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php"
}
],
"reference": "CERTA-2013-AVI-442",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-07-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation\nde privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-15 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-12 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-13 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-9 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-11 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-8 du 28 juillet 2013",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2013-14 du 28 juillet 2013",
"url": null
}
]
}
CERTA-2012-AVI-449
Vulnerability from certfr_avis - Published: 2012-08-20 - Updated: 2012-08-20
Une vulnérabilité a été corrigée dans phpMyAdmin. Elle concerne une injection de code indirecte à distance (XSS) présente dans de multiples pages et actions du logiciel.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | versions antérieures à phpMyAdmin 3.4.11.1 pour la branche 3.4. | ||
| phpMyAdmin | phpMyAdmin | Versions antérieures à phpMyAdmin 3.5.2.2 pour la branche 3.5 ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 phpMyAdmin 3.4.11.1 pour la branche 3.4.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 phpMyAdmin 3.5.2.2 pour la branche 3.5 ;",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4345"
}
],
"initial_release_date": "2012-08-20T00:00:00",
"last_revision_date": "2012-08-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2012-4 du 16 ao\u00fbt 2012 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php"
}
],
"reference": "CERTA-2012-AVI-449",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Elle concerne une injection de code\nindirecte \u00e0 distance (XSS) pr\u00e9sente dans de multiples pages et actions\ndu logiciel.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2012-4 du 16 ao\u00fbt 2012",
"url": null
}
]
}
CERTA-2011-AVI-475
Vulnerability from certfr_avis - Published: 2011-08-26 - Updated: 2011-08-26
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Ces vulnérabilités permettent l'injection de script dans les pages rendues par phpMyAdmin.
Description
De multiples vulnérabilités ont été découvertes dans phpMyAdmin. Ces vulnérabilités permettent l'injection de script dans les pages rendues par phpMyAdmin. Une vérification imparfaite des noms de table, de colonnes et d'index peuvent mener à l'injection de code HTML ou scripts.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 3.3.0 à 3.4.3.2. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 3.3.0 \u00e0 3.4.3.2.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin. Ces\nvuln\u00e9rabilit\u00e9s permettent l\u0027injection de script dans les pages rendues\npar phpMyAdmin. Une v\u00e9rification imparfaite des noms de table, de\ncolonnes et d\u0027index peuvent mener \u00e0 l\u0027injection de code HTML ou scripts.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3181",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3181"
}
],
"initial_release_date": "2011-08-26T00:00:00",
"last_revision_date": "2011-08-26T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-475",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-08-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s permettent\nl\u0027injection de script dans les pages rendues par \u003cspan\nclass=\"textit\"\u003ephpMyAdmin\u003c/span\u003e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin versions 3.3.0 \u00e0 3.4.3.2",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonce phpMyAdmin PMASA-2011-13",
"url": "http://phpmyadmin.net/home_page/security/PMASA-2011-13.php"
}
]
}
CERTA-2011-AVI-380
Vulnerability from certfr_avis - Published: 2011-07-05 - Updated: 2011-07-05
Plusieurs vulnérabilités dans phpMyAdmin permettent à un utilisateur distant d'exécuter du code arbitraire, de porter atteinte à l'intégrité ou à la confidentialité de certaines données.
Description
Plusieurs vulnérabilités sont présentes dans phpMyAdmin :
- la première permet de modifier le contenu de certaines variables de session et ce faisant d'exécuter du code arbitraire ;
- la seconde concerne un manque de contrôle sur certaines URL passées au serveur et permet d'exécuter du code arbitraire à distance ;
- la troisième vulnérabilité relative à un manque de contrôle des expressions régulières permet de conduire des attaques de type traversée de répertoire ;
- la dernière concerne également un problème de traversée de répertoire lié à la gestion de certains types MIME.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 3.4.3.0 et antérieures. | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 3.3.10.1 et antérieures ; |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 3.4.3.0 et ant\u00e9rieures.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 3.3.10.1 et ant\u00e9rieures ;",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans phpMyAdmin :\n\n- la premi\u00e8re permet de modifier le contenu de certaines variables de\n session et ce faisant d\u0027ex\u00e9cuter du code arbitraire ;\n- la seconde concerne un manque de contr\u00f4le sur certaines URL pass\u00e9es\n au serveur et permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n- la troisi\u00e8me vuln\u00e9rabilit\u00e9 relative \u00e0 un manque de contr\u00f4le des\n expressions r\u00e9guli\u00e8res permet de conduire des attaques de type\n travers\u00e9e de r\u00e9pertoire ;\n- la derni\u00e8re concerne \u00e9galement un probl\u00e8me de travers\u00e9e de\n r\u00e9pertoire li\u00e9 \u00e0 la gestion de certains types MIME.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2508"
},
{
"name": "CVE-2011-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2505"
},
{
"name": "CVE-2011-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2506"
},
{
"name": "CVE-2011-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2507"
}
],
"initial_release_date": "2011-07-05T00:00:00",
"last_revision_date": "2011-07-05T00:00:00",
"links": [
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-7 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-6 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-5 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-8 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"
}
],
"reference": "CERTA-2011-AVI-380",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-07-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans phpMyAdmin permettent \u00e0 un utilisateur\ndistant d\u0027ex\u00e9cuter du code arbitraire, de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9\nou \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin du 03 juillet 2011",
"url": null
}
]
}
CERTA-2011-AVI-091
Vulnerability from certfr_avis - Published: 2011-02-16 - Updated: 2011-02-16
Une vulnérabilité dans phpMyAdmin peut être utilisée pour faire exécuter une commande SQL par un autre utilisateur.
Description
Une vulnérabilité a été corrigée dans la fonction PMA_Bookmark_get de phpMyAdmin. Un attaquant authentifié peut utiliser cette vulnérabilité, à l'aide d'un marque page spécialement conçu, pour faire exécuter une commande SQL par un autre utilisateur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin 3.3.x. | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin 2.11.x ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin 3.3.x.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin 2.11.x ;",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans la fonction PMA_Bookmark_get de\nphpMyAdmin. Un attaquant authentifi\u00e9 peut utiliser cette vuln\u00e9rabilit\u00e9,\n\u00e0 l\u0027aide d\u0027un marque page sp\u00e9cialement con\u00e7u, pour faire ex\u00e9cuter une\ncommande SQL par un autre utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0987"
}
],
"initial_release_date": "2011-02-16T00:00:00",
"last_revision_date": "2011-02-16T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-091",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans phpMyAdmin peut \u00eatre utilis\u00e9e pour faire ex\u00e9cuter\nune commande \u003cspan class=\"textit\"\u003eSQL\u003c/span\u003e par un autre utilisateur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin phpMyAdmin PMASA-2011-2 du 11 f\u00e9vrier 2011",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php"
}
]
}