Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
151 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
152 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
153 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
154 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
155 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
156 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
151 -
3.5 		LOW Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an i… CWE-79
Cross-site Scripting 		CVE-2013-3742 cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4… 		2024-11-21 10:54
2013-07-4 		Show GitHub Exploit DB Packet Storm
152 -
4.0 		MEDIUM export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users t… NVD-CWE-noinfo
CVE-2013-3241 cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2 2024-11-21 10:53
2013-04-26 		Show GitHub Exploit DB Packet Storm
153 -
6.5 		MEDIUM Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a pa… CWE-22
Path Traversal 		CVE-2013-3240 cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2 2024-11-21 10:53
2013-04-26 		Show GitHub Exploit DB Packet Storm
154 -
4.6 		MEDIUM phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename… CWE-94
Code Injection 		CVE-2013-3239 cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:rc1
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:53
2013-04-26 		Show GitHub Exploit DB Packet Storm
155 -
6.0 		MEDIUM phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace fu… NVD-CWE-noinfo
CVE-2013-3238 cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:rc1
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:53
2013-04-26 		Show GitHub Exploit DB Packet Storm
156 6.1
4.3 		MEDIUM
Network 		Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visua… CWE-79
Cross-site Scripting 		CVE-2013-1937 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:*
cpe:2.3:a:phpmyadmin:phpmyadmin… 		3.5.8 2024-11-21 10:50
2013-04-16 		Show GitHub Exploit DB Packet Storm
157 -
7.5 		HIGH The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-php… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-5469 cpe:2.3:a:phpmyadmin:phpmyadmin:1.3:alpha
cpe:2.3:a:phpmyadmin:phpmyadmin:1.3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:1… 		2024-11-21 10:44
2012-12-20 		Show GitHub Exploit DB Packet Storm
158 -
4.3 		MEDIUM phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XS… CWE-79
Cross-site Scripting 		CVE-2012-5368 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:44
2012-10-25 		Show GitHub Exploit DB Packet Storm
159 -
3.5 		LOW Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a … CWE-79
Cross-site Scripting 		CVE-2012-5339 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:44
2012-10-25 		Show GitHub Exploit DB Packet Storm
160 -
7.5 		HIGH phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allo… CWE-94
Code Injection 		CVE-2012-5159 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:* 2024-11-21 10:44
2012-09-26 		Show GitHub Exploit DB Packet Storm