Software Detail

Software Informaton Top

System Management Tool

Software Detail

phpMyAdmin

Number Of NVD

270

CRITICAL

HIGH

MEDIUM

172

LOW

URL	https://www.phpmyadmin.net/
Explanation	phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly. Translated and excerpted from [https://www.phpmyadmin.net/]. This is a convenient way to manage MySQL without having to type SQL directly.
Tag	GPL v2

Add Information URL

No	Type	Name	URL
1			https://www.phpmyadmin.net/downloads/
2			https://www.phpmyadmin.net/files/
3			https://www.phpmyadmin.net/security/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
101	phpMyAdmin 5	5.2.3	Oct. 8, 2025	Dec. 26, 2019	2	5	4	0
102	phpMyAdmin 4	4.9.7	Oct. 15, 2020	May 3, 2013	13	30	89	16
103	phpMyAdmin 3	3.5.8.2	July 28, 2013	Sept. 27, 2008	4	8	48	10
104	phpMyAdmin 2	2.11.11.3	Feb. 11, 2011	May 12, 1999	4	22	64	10
105	phpMyAdmin 1	1.3.1	Dec. 27, 1998	Nov. 3, 1998	3	10	21	6
106	phpMyAdmin 0	0.9.0			3	9	21	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
101	6.8 5.8	MEDIUM Network	The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to…	CWE-20 Improper Input Validation	CVE-2016-2562	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:48 2016-03-1	Show	GitHub Exploit DB Packet Storm

102	5.4 3.5	MEDIUM Network	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normal…	CWE-79 Cross-site Scripting	CVE-2016-2561	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:48 2016-03-1	Show	GitHub Exploit DB Packet Storm

103	5.4 3.5	MEDIUM Network	Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to i…	CWE-79 Cross-site Scripting	CVE-2016-2559	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:48 2016-03-1	Show	GitHub Exploit DB Packet Storm

104	6.1 4.3	MEDIUM Network	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML…	CWE-79 Cross-site Scripting	CVE-2016-2560	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:48 2016-03-1	Show	GitHub Exploit DB Packet Storm

105	5.4 3.5	MEDIUM Network	Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON…	CWE-79 Cross-site Scripting	CVE-2016-2045	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:47 2016-02-20	Show	GitHub Exploit DB Packet Storm

106	5.3 5.0	MEDIUM Network	libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an e…	CWE-200 Information Exposure	CVE-2016-2044	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:47 2016-02-20	Show	GitHub Exploit DB Packet Storm

107	5.4 3.5	MEDIUM Network	Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject ar…	CWE-79 Cross-site Scripting	CVE-2016-2043	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:47 2016-02-20	Show	GitHub Exploit DB Packet Storm

108	5.3 5.0	MEDIUM Network	phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpsecl…	CWE-200 Information Exposure	CVE-2016-2042	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:47 2016-02-20	Show	GitHub Exploit DB Packet Storm

109	7.5 5.0	HIGH Network	libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier fo…	CWE-254 7PK - Security Features	CVE-2016-2041	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:47 2016-02-20	Show	GitHub Exploit DB Packet Storm

110	5.4 3.5	MEDIUM Network	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script…	CWE-79 Cross-site Scripting	CVE-2016-2040	cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:47 2016-02-20	Show	GitHub Exploit DB Packet Storm