Software Detail
phpMyAdmin | Number Of NVD: 270 | CRITICAL: 15 | HIGH: 53 | MEDIUM: 172 | LOW: 30
URL: https://www.phpmyadmin.net/
Explanation: phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
31 | phpMyAdmin 5 | 5.2.3 | Oct. 8, 2025 | Dec. 26, 2019 | | | | | 2 | 5 | 4 | 0
32 | phpMyAdmin 4 | 4.9.7 | Oct. 15, 2020 | May 3, 2013 | | | | | 13 | 30 | 89 | 16
33 | phpMyAdmin 3 | 3.5.8.2 | July 28, 2013 | Sept. 27, 2008 | | | | | 4 | 8 | 48 | 10
34 | phpMyAdmin 2 | 2.11.11.3 | Feb. 11, 2011 | May 12, 1999 | | | | | 4 | 22 | 64 | 10
35 | phpMyAdmin 1 | 1.3.1 | Dec. 27, 1998 | Nov. 3, 1998 | | | | | 3 | 10 | 21 | 6
36 | phpMyAdmin 0 | 0.9.0 | | | | | | | 3 | 9 | 21 | 6
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
31 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Network
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name
CWE-20 Improper Input Validation
CVE-2017-1000018 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.6.0
4.4.0
4.0.0




4.6.6
4.4.15.10
4.0.10.19
2024-11-21 12:03
2017-07-17
32 | CVSS3 8.8 | CVSS2 6.5 | HIGH | Network
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
CWE-918 Server-Side Request Forgery (SSRF)
CVE-2017-1000017 cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.4.0
4.6.0
4.0.0
4.4.15.10
4.6.6




4.0.10.19
2024-11-21 12:03
2017-07-17
33 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Network
A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
CWE-20 Improper Input Validation
CVE-2017-1000016 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5.2:*
cpe:2.3:a:phpmyadmin:phpmyadmin…
2024-11-21 12:03
2017-07-17
34 | CVSS3 6.1 | CVSS2 4.3 | MEDIUM | Network
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
CWE-79 Cross-site Scripting
CVE-2017-1000015 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
2024-11-21 12:03
2017-07-17
35 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Network
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality
CWE-20 Improper Input Validation
CVE-2017-1000014 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
2024-11-21 12:03
2017-07-17
36 | CVSS3 6.1 | CVSS2 5.8 | MEDIUM | Network
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
CWE-601 Open Redirect
CVE-2017-1000013 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
2024-11-21 12:03
2017-07-17
37 | CVSS3 8.6 | CVSS2 5.0 | HIGH | Network
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CWE-918 Server-Side Request Forgery (SSRF)
CVE-2016-6621 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
4.0.10.18 2024-11-21 11:56
2017-02-1
38 | CVSS3 9.8 | CVSS2 6.8 | CRITICAL | Network
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All …
CWE-352 Origin Validation Error
CVE-2016-9866 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
2024-11-21 12:01
2016-12-11
39 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Network
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.…
CWE-254 7PK - Security Features
CWE-502 Deserialization of Untrusted Data
CVE-2016-9865 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
2024-11-21 12:01
2016-12-11
40 | CVSS3 7.5 | CVSS2 6.0 | HIGH | Network
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the contro…
CWE-89 SQL Injection
CVE-2016-9864 cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*
cpe:2.3:a:phpmyadmin:phpmyadmin:4…
2024-11-21 12:01
2016-12-11