Software Detail

Software Informaton Top

System Management Tool

Software Detail

phpMyAdmin

Number Of NVD

270

CRITICAL

HIGH

MEDIUM

172

LOW

URL	https://www.phpmyadmin.net/
Explanation	phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly. Translated and excerpted from [https://www.phpmyadmin.net/]. This is a convenient way to manage MySQL without having to type SQL directly.
Tag	GPL v2

Add Information URL

No	Type	Name	URL
1			https://www.phpmyadmin.net/downloads/
2			https://www.phpmyadmin.net/files/
3			https://www.phpmyadmin.net/security/

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
71	phpMyAdmin 5	5.2.3	Oct. 8, 2025	Dec. 26, 2019	2	5	4	0
72	phpMyAdmin 4	4.9.7	Oct. 15, 2020	May 3, 2013	13	30	89	16
73	phpMyAdmin 3	3.5.8.2	July 28, 2013	Sept. 27, 2008	4	8	48	10
74	phpMyAdmin 2	2.11.11.3	Feb. 11, 2011	May 12, 1999	4	22	64	10
75	phpMyAdmin 1	1.3.1	Dec. 27, 1998	Nov. 3, 1998	3	10	21	6
76	phpMyAdmin 0	0.9.0			3	9	21	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
71	8.8 6.5	HIGH Network	An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4…	CWE-89 SQL Injection	CVE-2016-6619	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

72	6.5 4.0	MEDIUM Network	An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (pr…	NVD-CWE-noinfo	CVE-2016-6618	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

73	8.1 6.8	HIGH Network	An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6…	CWE-89 SQL Injection	CVE-2016-6617	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

74	7.5 6.8	HIGH Network	An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.…	CWE-89 SQL Injection	CVE-2016-6616	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

75	6.1 4.3	MEDIUM Network	XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" featu…	CWE-79 Cross-site Scripting	CVE-2016-6615	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

76	6.8 4.3	MEDIUM Network	An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user…	CWE-22 Path Traversal	CVE-2016-6614	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

77	5.3 2.1	MEDIUM Network	An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user…	CWE-200 Information Exposure	CVE-2016-6613	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

78	6.5 4.0	MEDIUM Network	An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions…	CWE-200 Information Exposure	CVE-2016-6612	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

79	8.1 5.1	HIGH Network	An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6…	CWE-89 SQL Injection	CVE-2016-6611	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm

80	4.3 4.0	MEDIUM Network	A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x ve…	CWE-200 Information Exposure	CVE-2016-6610	cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:* cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:* cpe:2.3:a:phpmyadmin:phpmyadmin:4…	2024-11-21 11:56 2016-12-11	Show	GitHub Exploit DB Packet Storm