Software Detail

Software Informaton Top

System Management Tool

Software Detail

phpMyAdmin

Number Of NVD

270

CRITICAL

HIGH

MEDIUM

172

LOW

URL	https://www.phpmyadmin.net/
Explanation	phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly. Translated and excerpted from [https://www.phpmyadmin.net/]. This is a convenient way to manage MySQL without having to type SQL directly.
Tag	GPL v2

Add Information URL

No	Type	Name	URL
1			https://www.phpmyadmin.net/downloads/
2			https://www.phpmyadmin.net/files/
3			https://www.phpmyadmin.net/security/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
91	phpMyAdmin 5	5.2.3	Oct. 8, 2025	Dec. 26, 2019	2	5	4	0
92	phpMyAdmin 4	4.9.7	Oct. 15, 2020	May 3, 2013	13	30	89	16
93	phpMyAdmin 3	3.5.8.2	July 28, 2013	Sept. 27, 2008	4	8	48	10
94	phpMyAdmin 2	2.11.11.3	Feb. 11, 2011	May 12, 1999	4	22	64	10
95	phpMyAdmin 1	1.3.1	Dec. 27, 1998	Nov. 3, 1998	3	10	21	6
96	phpMyAdmin 0	0.9.0			3	9	21	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
91	6.1 4.3	MEDIUM Network	Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before …	CWE-79 Cross-site Scripting	CVE-2016-5732	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

92	6.1 4.3	MEDIUM Network	Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web scr…	CWE-79 Cross-site Scripting	CVE-2016-5731	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

93	6.1 4.3	MEDIUM Network	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML v…	CWE-79 Cross-site Scripting	CVE-2016-5733	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

94	5.3 5.0	MEDIUM Network	phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (…	CWE-200 Information Exposure	CVE-2016-5730	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

95	7.5 5.0	HIGH Network	js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts paramet…	CWE-399 Resource Management Errors	CVE-2016-5706	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

96	6.1 4.3	MEDIUM Network	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) …	CWE-79 Cross-site Scripting	CVE-2016-5705	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

97	6.1 4.3	MEDIUM Network	Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.	CWE-79 Cross-site Scripting	CVE-2016-5704	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

98	9.8 7.5	CRITICAL Network	SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted dat…	CWE-89 SQL Injection	CVE-2016-5703	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

99	3.7 4.3	LOW Network	phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.	CWE-254 7PK - Security Features	CVE-2016-5702	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm

100	6.1 4.3	MEDIUM Network	setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions …	CWE-74 Injection	CVE-2016-5701	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:54 2016-07-3	Show	GitHub Exploit DB Packet Storm