Software Detail
phpMyAdmin
Number Of NVD: 270 (CRITICAL 15, HIGH 53, MEDIUM 172, LOW 30)
URL: https://www.phpmyadmin.net/
Explanation: phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL via the web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc.) can be performed via the user interface, with the ability to execute SQL statements directly.

Translated and excerpted from [https://www.phpmyadmin.net/].

This is a convenient way to manage MySQL without having to type SQL directly.
Tag
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.phpmyadmin.net/downloads/
2 https://www.phpmyadmin.net/files/
3 https://www.phpmyadmin.net/security/

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
81 | phpMyAdmin 5 | 5.2.3 | Oct. 8, 2025 | Dec. 26, 2019 | | | | | 2 | 5 | 4 | 0
82 | phpMyAdmin 4 | 4.9.7 | Oct. 15, 2020 | May 3, 2013 | | | | | 13 | 30 | 89 | 16
83 | phpMyAdmin 3 | 3.5.8.2 | July 28, 2013 | Sept. 27, 2008 | | | | | 4 | 8 | 48 | 10
84 | phpMyAdmin 2 | 2.11.11.3 | Feb. 11, 2011 | May 12, 1999 | | | | | 4 | 22 | 64 | 10
85 | phpMyAdmin 1 | 1.3.1 | Dec. 27, 1998 | Nov. 3, 1998 | | | | | 3 | 10 | 21 | 6
86 | phpMyAdmin 0 | 0.9.0 | | | | | | | 3 | 9 | 21 | 6

NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date

81 CVE-2016-6609
CVSS3: 8.8, CVSS2: 6.5, Level: HIGH, Attack Vector: Network
Title: An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versi…
CWE: CWE-77 (Command Injection)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:56
Published date: 2016-12-11

82 CVE-2016-6608
CVSS3: 6.1, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x…
CWE: CWE-79 (Cross-site Scripting)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:56
Published date: 2016-12-11

83 CVE-2016-6607
CVSS3: 6.1, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are …
CWE: CWE-79 (Cross-site Scripting)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:56
Published date: 2016-12-11

84 CVE-2016-6606
CVSS3: 8.1, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's bro…
CWE: CWE-310 (Cryptographic Issues), CWE-200 (Information Exposure)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:56
Published date: 2016-12-11

85 CVE-2016-4412
CVSS3: 4.4, CVSS2: 3.6, Level: MEDIUM, Attack Vector: Network
Title: An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the u…
CWE: CWE-254 (7PK - Security Features)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:52
Published date: 2016-12-11

86 CVE-2016-5099
CVSS3: 6.1, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mish…
CWE: CWE-79 (Cross-site Scripting)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2, cpe:2.3:a:phpmyadmin:phpmyadmin…
Update date: 2024-11-21 11:53
Published date: 2016-07-5

87 CVE-2016-5098
CVSS3: 5.3, CVSS2: 5.0, Level: MEDIUM, Attack Vector: Network
Title: Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
CWE: CWE-22 (Path Traversal)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*
Update date: 2024-11-21 11:53
Published date: 2016-07-5

88 CVE-2016-5097
CVSS3: 5.3, CVSS2: 5.0, Level: MEDIUM, Attack Vector: Network
Title: phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by readin…
CWE: CWE-200 (Information Exposure)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:*:* 4.6.1
Update date: 2024-11-21 11:53
Published date: 2016-07-5

89 CVE-2016-5739
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, …
CWE: CWE-200 (Information Exposure)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:54
Published date: 2016-07-3

90 CVE-2016-5734
CVSS3: 9.8, CVSS2: 7.5, Level: CRITICAL, Attack Vector: Network
Title: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote…
CWE: CWE-94 (Code Injection)
cpe23Uri: cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*, cpe:2.3:a:phpmyadmin:phpmyadmin:4…
Update date: 2024-11-21 11:54
Published date: 2016-07-3