Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
191 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
192 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
193 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
194 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
195 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
196 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
191 -
7.5 		HIGH The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrar… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2010-3055 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.6:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.5:*
cpe:2.3:a:phpmyadmin:phpmya… 		2024-11-21 10:17
2010-08-25 		Show GitHub Exploit DB Packet Storm
192 -
5.0 		MEDIUM scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote at… NVD-CWE-Other
CVE-2009-4605 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.6:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.5:*
cpe:2.3:a:phpmyadmin:phpmya… 		2026-04-23 09:35
2010-01-20 		Show GitHub Exploit DB Packet Storm
193 -
10.0 		HIGH libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. CWE-310
Cryptographic Issues 		CVE-2008-7252 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.6:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2026-04-23 09:35
2010-01-20 		Show GitHub Exploit DB Packet Storm
194 -
10.0 		HIGH libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. CWE-264
Permissions, Privileges, and Access Controls 		CVE-2008-7251 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.6:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2026-04-23 09:35
2010-01-20 		Show GitHub Exploit DB Packet Storm
195 -
7.5 		HIGH SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspeci… CWE-89
SQL Injection 		CVE-2009-3697 cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin… 		2026-04-23 09:35
2009-10-17 		Show GitHub Exploit DB Packet Storm
196 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL tabl… CWE-79
Cross-site Scripting 		CVE-2009-3696 cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin… 		2026-04-23 09:35
2009-10-17 		Show GitHub Exploit DB Packet Storm
197 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. CWE-79
Cross-site Scripting 		CVE-2009-2284 cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0-rc1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0-beta1:*
cpe:2.3:a:phpmyadmin:ph… 		3.2.0 2026-04-23 09:35
2009-07-1 		Show GitHub Exploit DB Packet Storm
198 -
7.5 		HIGH Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configur… CWE-94
Code Injection 		CVE-2009-1285 cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:1
cpe:2.3:a:phpmyadmin:phpmyadmin… 		2026-04-23 09:35
2009-04-17 		Show GitHub Exploit DB Packet Storm
199 9.8
7.5 		CRITICAL
Network 		Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the sav… CWE-94
Code Injection 		CVE-2009-1151 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.11.0
3.0.0

2.11.9.5
3.1.3.1 		2026-04-22 23:13
2009-03-26 		Show GitHub Exploit DB Packet Storm
200 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary … CWE-79
Cross-site Scripting 		CVE-2009-1150 cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*
cpe:2.3:a:phpmyadmin:phpmyadmin… 		2026-04-23 09:35
2009-03-26 		Show GitHub Exploit DB Packet Storm