Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
171 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
172 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
173 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
174 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
175 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
176 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
171 6.5
4.3 		MEDIUM
Network 		The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrar… CWE-611
XXE 		CVE-2011-4107 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 3.3.0.0
3.4.0.0

3.3.10.5
3.4.7.1 		2024-11-21 10:31
2011-11-18 		Show GitHub Exploit DB Packet Storm
172 -
5.0 		MEDIUM phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation… CWE-20
 Improper Input Validation  		CVE-2011-3646 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:30
2011-11-18 		Show GitHub Exploit DB Packet Storm
173 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. CWE-79
Cross-site Scripting 		CVE-2011-4064 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:31
2011-11-2 		Show GitHub Exploit DB Packet Storm
174 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML vi… CWE-79
Cross-site Scripting 		CVE-2011-3181 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:29
2011-08-30 		Show GitHub Exploit DB Packet Storm
175 -
6.4 		MEDIUM libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attac… CWE-20
 Improper Input Validation  		CVE-2011-2719 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:28
2011-08-2 		Show GitHub Exploit DB Packet Storm
176 -
6.0 		MEDIUM Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files v… CWE-22
Path Traversal 		CVE-2011-2718 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:28
2011-08-2 		Show GitHub Exploit DB Packet Storm
177 -
6.8 		MEDIUM Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via direct… CWE-22
Path Traversal 		CVE-2011-2643 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:28
2011-08-2 		Show GitHub Exploit DB Packet Storm
178 -
2.6 		LOW Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users… CWE-79
Cross-site Scripting 		CVE-2011-2642 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		3.3.10.2 2024-11-21 10:28
2011-08-2 		Show GitHub Exploit DB Packet Storm
179 -
6.0 		MEDIUM Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote aut… CWE-22
Path Traversal 		CVE-2011-2508 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:28
2011-07-15 		Show GitHub Exploit DB Packet Storm
180 -
6.5 		MEDIUM libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote auth… CWE-94
Code Injection 		CVE-2011-2507 cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2024-11-21 10:28
2011-07-15 		Show GitHub Exploit DB Packet Storm