phpMyAdmin suffers from a remote arbitrary file reading vulnerability when using the simplexml_load_string function to read XML from user input.
e9107c1ea9ecd076a0b594c54978d18ecaa5e210966639afd6ab79b6715853a9
phpMyAdmin version 4.8.1 remote code execution exploit.
c7fd500b6b33a3e044159ceaba0504a93de489c811db969c2903f7741e995f09
phpMyAdmin version 4.9.0.1 suffers from a cross site request forgery vulnerability.
3b362d9ec9ed47dccd9f79635b1b308b77972a0c8eb23da78a9514ca445654da
phpMyAdmin version 4.8 suffers from a cross site request forgery vulnerability.
1195e94c941b44b7613f283cea8689e64c13b0485be6d8b2b38539f01103e2c4
phpMyAdmin version 4.8.1 authenticated local file inclusion proof of concept exploits.
99adf4308fa706903d75dfc6e085c7ba2d9885c407bb3424f26d594818c0460a
This Metasploit module gathers phpMyAdmin credentials from a target Linux machine.
5ff70db330dfb5a4f9e077101c4ac494e8ecbbd010bd2c1ee7d93939ca5de46d
phpMyAdmin version 4.7.x suffers from a cross site request forgery vulnerability.
e63d2dcc5948a45882c170f9e3e441a265cf1233d27f4dee8c082aeef27611e0
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code through the application. The module has been tested with phpMyAdmin v4.8.1.
dae18ef3348cf3077fd1fd7c0054e8bcb0185fb7e809a95ee03722cd6aacb0d5
phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.
7050bd8ba32a957693bf8e975344bff3d03e5961028dc6d3ce1b55150c1c75bd
phpMyAdmin version 4.8.1 suffers from an authenticated local file inclusion vulnerability.
10f1c79df42b570582f12ca0a79fda04ac535de993f89a192efc5df8747b4b0d
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
46f778fd23af1e4e604d32a71ab007e759502445aee2fac99855d70658df179c
phpMyAdmin versions 4.8.0 prior to 4.8.0-1 suffer from a cross site request forgery vulnerability.
9cfd84da87554bcd8174bf97790826c4ca7d710ed62b418752b378c57b0699c5
This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.
cde46aba3bb442a48c277780f2ae183ec296c40bdbad1fb176830924a1405679
This Metasploit module exploits an arbitrary code execution backdoor placed into phpMyAdmin version 3.5.2.2 through a compromised SourceForge mirror.
59077add4c187d53c147d92602048e756381c136f672e418d6ccc8272b22fa12
phpMyAdmin versions 3.3.x and 3.4.x suffer from a local file inclusion vulnerability via XXE injection. The attacker must be logged in to MySQL via phpMyAdmin.
3198e8d89bc1a8cc793e92a6136c7fe6f956875742096c8de8840899af48ddb4
phpMyAdmin versions prior to 3.3.10.2 and 3.4.3.1 Session Serializer arbitrary PHP code execution exploit.
5e7ad567c633e8ad8056175f53ce0b27b0f71ab25dcad559a953f71c06756cc9
phpMyAdmin versions below 3.3.10.3 and 3.4.3.2 suffer from a session manipulation vulnerability when the Swekey extension is activated.
4f0f8d6c23093df629d9ead3d0bece7eb8518e3b4ee9aeea91d3ae070f63ee29
phpMyAdmin Swekey remote code injection exploit that affects versions prior to 3.4.3.1 and versions prior to 3.3.10.2.
ad7c03013a93cbfc3a71ddcf1e0e7a96dc3afaf12cd89e7617e169215191b09f
phpMyAdmin version 3.x suffers from multiple remote code execution vulnerabilities.
2c8f67b34ff9e950a203c8d95cb5db1edaf669e76877d659e135f52bfce8de93
This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.
1f00827393ec5f0b4d92aa4c0dfd1657cfa2e7a567c31c7aec7d9e2d47baf1dc
phpMyAdmin versions 3.3.9 and below suffer from brute force and path disclosure vulnerabilities.
57dff876815eb07a5a14b2a29cab989fa9f079aa94371b1d74b85134fb0f35f5
phpMyAdmin versions 3.4.x and 3.4.0 beta 2 suffer from a stored cross site scripting vulnerability.
6c62a516dcba43d0e52fddd8b8bbc0b20bf6c067e550603506999902959ff3d8
phpMyAdmin suffers from client side code injection and redirect link falsification vulnerabilities.
1909f0c63f7acbf171fbb40d96182a3ac8dfc8931cca96fca2ea11b4f539118b
phpMyAdmin versions 3.3.5 and below and 2.11.10 and below suffer from cross site scripting vulnerabilities.
683d4d1d848e1bf87e1ddd1c9586a465184804a8748418fcf1ed55261779cf1d
phpMyAdmin version 3.3.0 suffers from a cross site scripting vulnerability.
8aa29d886eb65b49c4d21533ec1a6f3a100b671f7165a14504b14bce63fa2114
This Metasploit module exploits a vulnerability in phpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1; this module was tested on 3.0.1.1. The file where our payload is written (phpMyAdmin/config/config.inc.php) is not directly used by the system, so it may be a good idea to either delete it or copy the running config (phpMyAdmin/config.inc.php) over it after successful exploitation.
c6dcd3c567ac45d96e97a2bc40e1b5ef02017edab7e4eb3995b6fbcd852cad26