Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
221 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
222 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
223 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
224 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
225 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
226 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
221 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. NVD-CWE-Other
CVE-2007-2016 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:* 2026-04-23 09:35
2007-04-13 		Show GitHub Exploit DB Packet Storm
222 -
4.3 		MEDIUM Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a … NVD-CWE-Other
CVE-2007-1395 cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9… 		2026-04-23 09:35
2007-03-11 		Show GitHub Exploit DB Packet Storm
223 -
7.1 		HIGH The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a… NVD-CWE-Other
CVE-2007-1325 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.10.0.1 2026-04-23 09:35
2007-03-8 		Show GitHub Exploit DB Packet Storm
224 -
6.8 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through… CWE-79
Cross-site Scripting 		CVE-2006-6942 cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1:*
cpe:2.3:a:phpmyadmin:phpm… 		2.9.1 2026-04-23 09:35
2007-01-19 		Show GitHub Exploit DB Packet Storm
225 -
5.0 		MEDIUM PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[… CWE-20
 Improper Input Validation  		CVE-2006-6943 cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1:*
cpe:2.3:a:phpmyadmin:phpm… 		2.9.1 2026-04-23 09:35
2007-01-19 		Show GitHub Exploit DB Packet Storm
226 -
7.5 		HIGH phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. NVD-CWE-Other
CVE-2006-6944 cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1:*
cpe:2.3:a:phpmyadmin:phpm… 		2.9.1 2026-04-23 09:35
2007-01-19 		Show GitHub Exploit DB Packet Storm
227 -
6.8 		MEDIUM Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: … NVD-CWE-Other
CVE-2007-0341 cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1:* 2026-04-23 09:35
2007-01-18 		Show GitHub Exploit DB Packet Storm
228 -
10.0 		HIGH Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. NVD-CWE-Other
CVE-2007-0203 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.9.1.1 2026-04-23 09:35
2007-01-11 		Show GitHub Exploit DB Packet Storm
229 -
6.8 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details … NVD-CWE-Other
CVE-2007-0204 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 2.9.1.1 2026-04-23 09:35
2007-01-11 		Show GitHub Exploit DB Packet Storm
230 -
5.0 		MEDIUM phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. NVD-CWE-Other
CVE-2007-0095 cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1.1:* 2026-04-23 09:35
2007-01-6 		Show GitHub Exploit DB Packet Storm