Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
161 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
162 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
163 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
164 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
165 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
166 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
161 -
3.5 		LOW Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (… CWE-79
Cross-site Scripting 		CVE-2012-4579 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:43
2012-08-22 		Show GitHub Exploit DB Packet Storm
162 -
3.5 		LOW Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary we… CWE-79
Cross-site Scripting 		CVE-2012-4345 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:42
2012-08-22 		Show GitHub Exploit DB Packet Storm
163 -
5.0 		MEDIUM show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, relate… CWE-200
Information Exposure 		CVE-2012-4219 cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:42
2012-08-22 		Show GitHub Exploit DB Packet Storm
164 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web … CWE-79
Cross-site Scripting 		CVE-2012-1190 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.9.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:36
2012-05-3 		Show GitHub Exploit DB Packet Storm
165 -
4.3 		MEDIUM show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the i… CWE-200
Information Exposure 		CVE-2012-1902 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.9.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:38
2012-04-7 		Show GitHub Exploit DB Packet Storm
166 -
4.3 		MEDIUM Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ve… CWE-20
 Improper Input Validation  		CVE-2011-1941 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:* 2024-11-21 10:27
2012-01-27 		Show GitHub Exploit DB Packet Storm
167 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name t… CWE-79
Cross-site Scripting 		CVE-2011-1940 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:27
2012-01-27 		Show GitHub Exploit DB Packet Storm
168 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTM… CWE-79
Cross-site Scripting 		CVE-2011-4782 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:32
2011-12-23 		Show GitHub Exploit DB Packet Storm
169 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL … CWE-79
Cross-site Scripting 		CVE-2011-4780 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:32
2011-12-23 		Show GitHub Exploit DB Packet Storm
170 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Data… CWE-79
Cross-site Scripting 		CVE-2011-4634 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:32
2011-12-23 		Show GitHub Exploit DB Packet Storm