Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
phpMyAdmin Number Of NVD 270 CRITICAL 15 HIGH 53 MEDIUM 172 LOW 30
URL https://www.phpmyadmin.net/
Explanation phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2
Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 phpMyAdmin 5 5.2.3 Oct. 8, 2025 Dec. 26, 2019 2 5 4 0
22 phpMyAdmin 4 4.9.7 Oct. 15, 2020 May 3, 2013 13 30 89 16
23 phpMyAdmin 3 3.5.8.2 July 28, 2013 Sept. 27, 2008 4 8 48 10
24 phpMyAdmin 2 2.11.11.3 Feb. 11, 2011 May 12, 1999 4 22 64 10
25 phpMyAdmin 1 1.3.1 Dec. 27, 1998 Nov. 3, 1998 3 10 21 6
26 phpMyAdmin 0 0.9.0 3 9 21 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 6.1
4.3 		MEDIUM
Network 		In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. CWE-79
Cross-site Scripting 		CVE-2018-19970 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.0.0 4.8.4 2024-11-21 12:58
2018-12-12 		Show GitHub Exploit DB Packet Storm
22 8.8
6.8 		HIGH
Network 		phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as… CWE-352
 Origin Validation Error 		CVE-2018-19969 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.8.0
4.7.0
4.7.6
4.8.4
 2024-11-21 12:58
2018-12-12 		Show GitHub Exploit DB Packet Storm
23 6.5
4.0 		MEDIUM
Network 		An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration S… CWE-200
Information Exposure 		CVE-2018-19968 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.0.0 4.8.4 2024-11-21 12:58
2018-12-12 		Show GitHub Exploit DB Packet Storm
24 6.1
4.3 		MEDIUM
Network 		An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that fil… CWE-79
Cross-site Scripting 		CVE-2018-15605 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.8.3 2024-11-21 12:51
2018-08-25 		Show GitHub Exploit DB Packet Storm
25 8.8
6.5 		HIGH
Network 		An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pag… CWE-287
Improper Authentication 		CVE-2018-12613 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.8.0 4.8.2 2024-11-21 12:45
2018-06-22 		Show GitHub Exploit DB Packet Storm
26 6.1
4.3 		MEDIUM
Network 		An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS atta… CWE-79
Cross-site Scripting 		CVE-2018-12581 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.8.2 2024-11-21 12:45
2018-06-22 		Show GitHub Exploit DB Packet Storm
27 9.8
7.5 		CRITICAL
Network 		An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false … NVD-CWE-noinfo
CVE-2017-18264 cpe:2.3:a:phpmyadmin:phpmyadmin:4.7.0:rc1
cpe:2.3:a:phpmyadmin:phpmyadmin:4.7.0:beta1
cpe:2.3:a:phpmyadmin:phpmya… 		4.0.0
4.4.0
4.6.0
4.4.15.10
4.6.6

4.0.10.20

 2024-11-21 12:19
2018-05-2 		Show GitHub Exploit DB Packet Storm
28 8.8
6.8 		HIGH
Network 		phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. CWE-352
 Origin Validation Error 		CVE-2018-10188 cpe:2.3:a:phpmyadmin:phpmyadmin:4.8.0:* 2024-11-21 12:40
2018-04-19 		Show GitHub Exploit DB Packet Storm
29 5.4
3.5 		MEDIUM
Network 		Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. CWE-79
Cross-site Scripting 		CVE-2018-7260 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.7.8 2024-11-21 13:11
2018-02-22 		Show GitHub Exploit DB Packet Storm
30 8.8
6.8 		HIGH
Network 		phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as dele… CWE-352
 Origin Validation Error 		CVE-2017-1000499 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.7.0 4.7.7 2024-11-21 12:04
2018-01-3 		Show GitHub Exploit DB Packet Storm