Software Detail

Software Informaton Top

System Management Tool

Software Detail

phpMyAdmin

Number Of NVD

270

CRITICAL

HIGH

MEDIUM

172

LOW

URL	https://www.phpmyadmin.net/
Explanation	phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly. Translated and excerpted from [https://www.phpmyadmin.net/]. This is a convenient way to manage MySQL without having to type SQL directly.
Tag	GPL v2

Add Information URL

No	Type	Name	URL
1			https://www.phpmyadmin.net/downloads/
2			https://www.phpmyadmin.net/files/
3			https://www.phpmyadmin.net/security/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
231	phpMyAdmin 5	5.2.3	Oct. 8, 2025	Dec. 26, 2019	2	5	4	0
232	phpMyAdmin 4	4.9.7	Oct. 15, 2020	May 3, 2013	13	30	89	16
233	phpMyAdmin 3	3.5.8.2	July 28, 2013	Sept. 27, 2008	4	8	48	10
234	phpMyAdmin 2	2.11.11.3	Feb. 11, 2011	May 12, 1999	4	22	64	10
235	phpMyAdmin 1	1.3.1	Dec. 27, 1998	Nov. 3, 1998	3	10	21	6
236	phpMyAdmin 0	0.9.0			3	9	21	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
231	- 5.0	MEDIUM	PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.	NVD-CWE-Other	CVE-2006-6373	cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:*		2026-04-23 09:35 2006-12-8	Show	GitHub Exploit DB Packet Storm

232	- 7.5	HIGH	Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin …	NVD-CWE-Other	CVE-2006-6374	cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:*		2026-04-23 09:35 2006-12-8	Show	GitHub Exploit DB Packet Storm

233	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, whic…	NVD-CWE-Other	CVE-2006-5718	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9_rc1:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.9:* cpe:2.3:a:phpmyadmin:phpmyadmin:2…		2026-04-23 09:35 2006-11-4	Show	GitHub Exploit DB Packet Storm

234	- 5.1	MEDIUM	Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the…	NVD-CWE-Other	CVE-2006-5116	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:* cpe:2.3:a:phpmyadmin:phpmyadm…		2026-04-23 09:35 2006-10-3	Show	GitHub Exploit DB Packet Storm

235	- 5.0	MEDIUM	phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests f…	NVD-CWE-Other	CVE-2006-5117	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:* cpe:2.3:a:phpmyadmin:phpmyadm…		2026-04-23 09:35 2006-10-3	Show	GitHub Exploit DB Packet Storm

236	- 5.8	MEDIUM	Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.	NVD-CWE-Other	CVE-2006-3388	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:2…		2018-10-19 01:47 2006-07-7	Show	GitHub Exploit DB Packet Storm

237	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lan…	CWE-79 Cross-site Scripting	CVE-2006-2417	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2:* cpe:2.3:a:phpmyadmin:phpmyadm…		2017-07-20 10:31 2006-05-16	Show	GitHub Exploit DB Packet Storm

238	- 6.8	MEDIUM	Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.	NVD-CWE-Other	CVE-2006-2418	cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*		2017-07-20 10:31 2006-05-16	Show	GitHub Exploit DB Packet Storm

239	- 2.6	LOW	Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.	NVD-CWE-Other	CVE-2006-2031	cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev:* cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev:* cpe:2.3:a:phpmyadmin:phpm…		2017-07-20 10:31 2006-04-26	Show	GitHub Exploit DB Packet Storm

240	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.	NVD-CWE-Other	CVE-2006-1803	cpe:2.3:a:phpmyadmin:phpmyadmin::	2.8.0.3	2018-10-19 01:36 2006-04-18	Show	GitHub Exploit DB Packet Storm