An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpmyadmin
APPPhpmyadmin4.0.04.0.14.0.104.0.10.14.0.10.104.0.10.114.0.10.124.0.10.134.0.10.144.0.10.154.0.10.164.0.10.174.0.10.24.0.10.34.0.10.4+ 48 więcej
Related vulnerabilities
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...