Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
241 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
242 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
243 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
244 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
245 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
246 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
241 -
7.5 		HIGH SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. NVD-CWE-Other
CVE-2006-1804 cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl1:* 		2018-10-19 01:36
2006-04-18 		Show GitHub Exploit DB Packet Storm
242 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes… NVD-CWE-Other
CVE-2006-1678 cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl2:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl1:*
cpe:2.3:a:phpmyadmin:phpm… 		2017-07-20 10:30
2006-04-11 		Show GitHub Exploit DB Packet Storm
243 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. NVD-CWE-Other
CVE-2006-1258 cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1:* 2017-07-20 10:30
2006-03-19 		Show GitHub Exploit DB Packet Storm
244 -
7.5 		HIGH Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demo… NVD-CWE-Other
CVE-2005-4450 cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_pl1:* 2008-09-6 05:56
2005-12-21 		Show GitHub Exploit DB Packet Storm
245 -
6.5 		MEDIUM SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: t… CWE-89
SQL Injection 		CVE-2005-4349 cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0:* 2024-08-8 09:15
2005-12-19 		Show GitHub Exploit DB Packet Storm
246 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in … NVD-CWE-Other
CVE-2005-3665 cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_beta1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1:*
cpe:2.3:a:phpmyadmin:ph… 		2018-10-20 00:38
2005-12-8 		Show GitHub Exploit DB Packet Storm
247 -
5.0 		MEDIUM The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can… NVD-CWE-Other
CVE-2005-4079 cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_rc1:* 2018-10-20 00:40
2005-12-8 		Show GitHub Exploit DB Packet Storm
248 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title pa… NVD-CWE-Other
CVE-2005-3787 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*
cpe:2.3:a:phpmyadmin:phpm… 		2018-10-20 00:39
2005-11-24 		Show GitHub Exploit DB Packet Storm
249 -
5.0 		MEDIUM CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. NVD-CWE-Other
CVE-2005-3621 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*
cpe:2.3:a:phpmyadmin:phpm… 		2008-09-6 05:54
2005-11-16 		Show GitHub Exploit DB Packet Storm
250 -
5.0 		MEDIUM phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. NVD-CWE-Other
CVE-2005-3622 cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0_beta1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl4:*
cpe:2.3:a:phpmyadmin:ph… 		2016-10-18 12:36
2005-11-16 		Show GitHub Exploit DB Packet Storm