Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
211 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
212 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
213 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
214 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
215 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
216 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
211 -
3.5 		LOW Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST … CWE-200
NVD-CWE-noinfo
Information Exposure 		CVE-2008-1924 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6rc1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:*
cpe:2.3:a:phpmyadmin:phpmyad… 		2.11.5.1 2026-04-23 09:35
2008-04-24 		Show GitHub Exploit DB Packet Storm
212 5.5
2.1 		MEDIUM
Local 		phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive inf… CWE-312
 Cleartext Storage of Sensitive Information 		CVE-2008-1567 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.11.5.1 2026-04-23 09:35
2008-04-1 		Show GitHub Exploit DB Packet Storm
213 -
5.1 		MEDIUM phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection an… CWE-89
CWE-352
SQL Injection
 Origin Validation Error 		CVE-2008-1149 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1
cpe:2.3:a:phpmyadmin:phpmya… 		2.11.4 2026-04-23 09:35
2008-03-5 		Show GitHub Exploit DB Packet Storm
214 -
2.6 		LOW Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to injec… CWE-79
Cross-site Scripting 		CVE-2007-6100 cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2… 		2.11.2.1 2026-04-23 09:35
2007-11-24 		Show GitHub Exploit DB Packet Storm
215 -
6.5 		MEDIUM SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. CWE-89
SQL Injection 		CVE-2007-5976 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.11.2 2026-04-23 09:35
2007-11-15 		Show GitHub Exploit DB Packet Storm
216 -
3.5 		LOW Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a … CWE-79
Cross-site Scripting 		CVE-2007-5977 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.11.2 2026-04-23 09:35
2007-11-15 		Show GitHub Exploit DB Packet Storm
217 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) serv… CWE-79
Cross-site Scripting 		CVE-2007-5589 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.11.1.1 2026-04-23 09:35
2007-10-20 		Show GitHub Exploit DB Packet Storm
218 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web scrip… CWE-79
Cross-site Scripting 		CVE-2007-5386 cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:* 2026-04-23 09:35
2007-10-12 		Show GitHub Exploit DB Packet Storm
219 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter … NVD-CWE-Other
CVE-2007-4306 cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3:* 2026-04-23 09:35
2007-08-14 		Show GitHub Exploit DB Packet Storm
220 -
6.8 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php… NVD-CWE-Other
CVE-2007-2245 cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.1.0:* 2026-04-23 09:35
2007-04-26 		Show GitHub Exploit DB Packet Storm