Software Detail

Software Informaton Top

System Management Tool

Software Detail

phpMyAdmin

Number Of NVD

270

CRITICAL

HIGH

MEDIUM

172

LOW

URL	https://www.phpmyadmin.net/
Explanation	phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly. Translated and excerpted from [https://www.phpmyadmin.net/]. This is a convenient way to manage MySQL without having to type SQL directly.
Tag	GPL v2

Add Information URL

No	Type	Name	URL
1			https://www.phpmyadmin.net/downloads/
2			https://www.phpmyadmin.net/files/
3			https://www.phpmyadmin.net/security/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
201	phpMyAdmin 5	5.2.3	Oct. 8, 2025	Dec. 26, 2019	2	5	4	0
202	phpMyAdmin 4	4.9.7	Oct. 15, 2020	May 3, 2013	13	30	89	16
203	phpMyAdmin 3	3.5.8.2	July 28, 2013	Sept. 27, 2008	4	8	48	10
204	phpMyAdmin 2	2.11.11.3	Feb. 11, 2011	May 12, 1999	4	22	64	10
205	phpMyAdmin 1	1.3.1	Dec. 27, 1998	Nov. 3, 1998	3	10	21	6
206	phpMyAdmin 0	0.9.0			3	9	21	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
201	- 7.5	HIGH	CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response …	CWE-20 Improper Input Validation	CVE-2009-1149	cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1 cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1 cpe:2.3:a:phpmyadmin:phpmyadm…	3.1.3	2026-04-23 09:35 2009-03-26	Show	GitHub Exploit DB Packet Storm

202	- 5.0	MEDIUM	Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequen…	CWE-22 Path Traversal	CVE-2009-1148	cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1 cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1 cpe:2.3:a:phpmyadmin:phpmyadm…	3.1.3	2026-04-23 09:35 2009-03-26	Show	GitHub Exploit DB Packet Storm

203	- 6.0	MEDIUM	Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or …	CWE-352 Origin Validation Error	CVE-2008-5621	cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0.0:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:* cpe:2.3:a:phpmyadmin:phpmyadmin…		2026-04-23 09:35 2008-12-17	Show	GitHub Exploit DB Packet Storm

204	- 2.6	LOW	Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inj…	CWE-79 Cross-site Scripting	CVE-2008-4775	cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:* cpe:2.3:a:phpmyadmin:phpmyadmin:2…		2026-04-23 09:35 2008-10-29	Show	GitHub Exploit DB Packet Storm

205	- 4.3	MEDIUM	The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection m…	CWE-79 Cross-site Scripting	CVE-2008-4326	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9_rc1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:* cpe:2.3:a:phpmyadmin:phpmyadmin:2…	2.11.9.1	2026-04-23 09:35 2008-10-1	Show	GitHub Exploit DB Packet Storm

206	- 8.5	HIGH	libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containin…	CWE-20 Improper Input Validation	CVE-2008-4096	cpe:2.3:a:phpmyadmin:phpmyadmin:2.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.…	2.11.9	2026-04-23 09:35 2008-09-19	Show	GitHub Exploit DB Packet Storm

207	- 6.4	MEDIUM	phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing act…	CWE-59 Link Following	CVE-2008-3456	cpe:2.3:a:phpmyadmin:phpmyadmin:2.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.…	2.11.7.0	2026-04-23 09:35 2008-08-5	Show	GitHub Exploit DB Packet Storm

208	- 2.6	LOW	Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this…	CWE-79 Cross-site Scripting	CVE-2008-3457	cpe:2.3:a:phpmyadmin:phpmyadmin:2.1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.…	2.11.7.0	2026-04-23 09:35 2008-08-5	Show	GitHub Exploit DB Packet Storm

209	- 3.5	LOW	Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a …	CWE-352 Origin Validation Error	CVE-2008-3197	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9_rc1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:* cpe:2.3:a:phpmyadmin:phpmyadmin:2…		2026-04-23 09:35 2008-07-17	Show	GitHub Exploit DB Packet Storm

210	- 2.6	LOW	Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTM…	CWE-79 Cross-site Scripting	CVE-2008-2960	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6rc1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:* cpe:2.3:a:phpmyadmin:phpmyad…		2026-04-23 09:35 2008-07-3	Show	GitHub Exploit DB Packet Storm