phpMyAdmin security announcements
https://www.phpmyadmin.net/files/
Security announcements from the phpMyAdmin project.
en-us
Tue, 07 Feb 2023 17:41:50 +0000

PMASA-2023-1
https://www.phpmyadmin.net/security/PMASA-2023-1/
<p>XSS vulnerability in drag-and-drop upload</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin versions prior to 4.9.11 and 5.2.1 are affected. The vulnerability has existed since release version 4.3.0.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727">CVE-2023-25727</a></p>
phpMyAdmin Security Team
Tue, 07 Feb 2023 17:41:50 +0000

PMASA-2022-2
https://www.phpmyadmin.net/security/PMASA-2022-2/
<p>Multiple XSS and HTML injection attacks in setup script</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin versions of the 5.1 branch prior to 5.1.2 are affected.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23808">CVE-2022-23808</a></p>
phpMyAdmin Security Team
Mon, 10 Jan 2022 17:48:37 +0000

PMASA-2022-1
https://www.phpmyadmin.net/security/PMASA-2022-1/
<p>Two factor authentication bypass</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin versions of the 4.9 branch prior to 4.9.8 and 5.1 prior to 5.1.2 are affected.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23807">CVE-2022-23807</a></p>
phpMyAdmin Security Team
Mon, 10 Jan 2022 17:01:34 +0000

PMASA-2020-6
https://www.phpmyadmin.net/security/PMASA-2020-6/
<p>SQL injection vulnerability in SearchController</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin 4.9.x releases prior to 4.9.6 and the 5.0.x releases prior to 5.0.3 are affected.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935">CVE-2020-26935</a></p>
phpMyAdmin Security Team
Sat, 10 Oct 2020 00:38:32 +0000

PMASA-2020-5
https://www.phpmyadmin.net/security/PMASA-2020-5/
<p>XSS relating to the transformation feature</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin 4.9.x releases prior to 4.9.6 and the 5.0.x releases prior to 5.0.3 are affected. We believe the flaw was introduced with phpMyAdmin 2.5.0.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26934">CVE-2020-26934</a></p>
phpMyAdmin Security Team
Sat, 10 Oct 2020 00:19:36 +0000

PMASA-2020-4
https://www.phpmyadmin.net/security/PMASA-2020-4/
<p>SQL injection relating to data display</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. We believe the flaw was introduced with phpMyAdmin 3.4.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803">CVE-2020-10803</a></p>
phpMyAdmin Security Team
Fri, 20 Mar 2020 12:00:00 +0000

PMASA-2020-3
https://www.phpmyadmin.net/security/PMASA-2020-3/
<p>SQL injection relating to searching</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802">CVE-2020-10802</a></p>
phpMyAdmin Security Team
Fri, 20 Mar 2020 12:00:00 +0000

PMASA-2020-2
https://www.phpmyadmin.net/security/PMASA-2020-2/
<p>SQL injection with processing username</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804">CVE-2020-10804</a></p>
phpMyAdmin Security Team
Fri, 20 Mar 2020 12:00:00 +0000

PMASA-2020-1
https://www.phpmyadmin.net/security/PMASA-2020-1/
<p>SQL injection in user accounts page</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin 4.x versions prior to 4.9.4 are affected, at least as old as 4.0.0. phpMyAdmin 5.x version 5.0.0 is affected.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504">CVE-2020-5504</a></p>
phpMyAdmin Security Team
Sun, 05 Jan 2020 14:36:53 +0000

PMASA-2019-5
https://www.phpmyadmin.net/security/PMASA-2019-5/
<p>SQL injection in Designer feature</p>
<h3>Affected Versions</h3>
<p>phpMyAdmin versions prior to 4.9.2 are affected, at least as old as 4.7.7.</p>
<h3>CVE ID</h3>
<p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622">CVE-2019-18622</a></p>
phpMyAdmin Security Team
Mon, 28 Oct 2019 14:05:40 +0000