Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
251 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
252 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
253 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
254 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
255 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
256 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
251 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.… NVD-CWE-Other
CVE-2005-3301 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl2:*
cpe:2.3:a:phpmyadmin:phpm… 		2011-03-8 11:26
2005-10-24 		Show GitHub Exploit DB Packet Storm
252 -
5.0 		MEDIUM PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform… NVD-CWE-Other
CVE-2005-3299 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4:* 		2008-09-6 05:54
2005-10-24 		Show GitHub Exploit DB Packet Storm
253 -
5.0 		MEDIUM The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers… NVD-CWE-Other
CVE-2005-3300 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl3:* 2017-07-11 10:33
2005-10-24 		Show GitHub Exploit DB Packet Storm
254 -
4.3 		MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php… NVD-CWE-Other
CVE-2005-2869 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3_pl1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.3:*
cpe:2.3:a:phpmyadmin:phpmyadm… 		2008-09-6 05:52
2005-09-9 		Show GitHub Exploit DB Packet Storm
255 -
4.6 		MEDIUM The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script. NVD-CWE-Other
CVE-2005-1392 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2:* 2011-03-8 11:21
2005-05-3 		Show GitHub Exploit DB Packet Storm
256 -
5.0 		MEDIUM phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP er… NVD-CWE-Other
CVE-2005-0459 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.2_dev:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*
cpe:2.3:a:phpmyadmin:phpm… 		2008-09-6 05:46
2005-05-2 		Show GitHub Exploit DB Packet Storm
257 -
5.0 		MEDIUM phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.ph… NVD-CWE-Other
CVE-2005-0544 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:* 2008-09-6 05:46
2005-05-2 		Show GitHub Exploit DB Packet Storm
258 -
7.5 		HIGH Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Serve… NVD-CWE-Other
CVE-2005-0567 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:* 2017-07-11 10:32
2005-05-2 		Show GitHub Exploit DB Packet Storm
259 -
4.6 		MEDIUM phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended. NVD-CWE-Other
CVE-2005-0653 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:* 2008-09-6 05:46
2005-05-2 		Show GitHub Exploit DB Packet Storm
260 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. NVD-CWE-Other
CVE-2005-0992 cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*
cpe:2.3:a:phpmyadmin:phpm… 		2017-07-11 10:32
2005-05-2 		Show GitHub Exploit DB Packet Storm