phpmyadmin/phpmyadmin vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the phpmyadmin/phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity / Vulnerability / Vulnerable Versions
  • M
Information Exposure Through an Error Message

>=4.0.0, <4.0.10.17 >=4.4.0, <4.4.15.8 >=4.6.0, <4.6.4
  • M
Session Fixation

>=4.4.0, <4.4.15.9 >=4.6.0, <4.6.5
  • M
Improper Input Validation

>=4.0.0, <4.0.10.18 >=4.4.0, <4.4.15.9 >=4.6.0, <4.6.5
  • M
Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.16 >=4.4.0, <4.4.15.7 >=4.6.0, <4.6.3
  • M
Improper Input Validation

>=4.0.0, <4.0.10.17 >=4.4.0, <4.4.15.8 >=4.6.0, <4.6.4
  • M
Information Exposure

>=4.0.0, <4.0.10.17 >=4.4.0, <4.4.15.8 >=4.6.0, <4.6.4
  • M
Resource Exhaustion

>=4.0.0, <4.0.10.17 >=4.4.0, <4.4.15.8 >=4.6.0, <4.6.4
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

>=4.0.0, <4.0.10.16 >=4.4.0, <4.4.15.7 >=4.6.0, <4.6.3
  • H
Observable Timing Discrepancy

>=4.0, <4.0.10.13 >=4.4, <4.4.15.3 >=4.5, <4.5.4
  • H
Command Injection

>=4.0, <4.0.10.17 >=4.4, <4.4.15.8 >=4.6, <4.6.4
  • H
URL Redirection to Untrusted Site ('Open Redirect')

>=4.0, <4.0.10.18 >=4.4, <4.4.15.9 >=4.6, <4.6.5
  • H
Improper Control of Generation of Code ('Code Injection')

>=4.0, <4.0.10.17 >=4.4, <4.4.15.8 >=4.6, <4.6.4
  • M
Authentication Bypass by Spoofing

>=4.0, <4.0.10.17 >=4.4, <4.4.15.8 >=4.6, <4.6.4
  • M
Cross-site Scripting (XSS)

>=4.6, <4.6.4
  • M
Information Exposure

>=4.0, <4.0.10.17 >=4.4, <4.4.15.8 >=4.6, <4.6.4
  • M
Uncontrolled Resource Consumption ('Resource Exhaustion')

>=4.0, <4.0.10.17 >=4.4, <4.4.15.8 >=4.6, <4.6.4
  • M
Information Exposure

>=4.0, <4.0.10.16 >=4.4, <4.4.15.7 >=4.6, <4.6.3
  • M
Cross-site Scripting (XSS)

>=4.0, <4.0.4.2
  • M
Variable Extraction Error

<4.0.4.1
  • M
Cross-site Scripting (XSS)

>=4.2.0, <4.2.9.1 >=4.1.0, <4.1.14.5 >=4.0.0, <4.0.10.4
  • M
Cross-site Scripting (XSS)

<4.0.10.1 >=4.1.0, <4.1.14.2 >=4.2.0, <4.2.6
  • M
Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.3 >=4.1.0, <4.1.14.4 >=4.2.0, <4.2.8.1
  • M
Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.5 >=4.1.0, <4.1.14.6 >=4.2.0, <4.2.10.1
  • M
Denial of Service (DoS)

>=4.0, <4.0.10.17 >=4.4, <4.4.15.8 >=4.6, <4.6.4
  • H
Cryptographic Issues

>=4.0, <4.0.10.13 >=4.4, <4.4.15.3 >=4.5, <4.5.4
  • M
Denial of Service (DoS)

>=4.0.0, <4.0.10.17 >=4.4.0, <4.4.15.8 >=4.6.0, <4.6.4
  • L
Reliance on Cookies without Validation and Integrity Checking

>=4.6, <4.6.3
  • M
Cross-site Scripting (XSS)

>=4.6, <4.6.3
  • M
Information Exposure

>=4.4, <4.4.15.9 >=4.6, <4.6.5
  • M
Cross-site Scripting (XSS)

>=4.0, <4.0.10.18 >=4.4, <4.4.15.9 >=4.6, <4.6.5
  • M
Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.18 >=4.4.0, <4.4.15.9 >=4.6.0, <4.6.5
  • M
Cross-site Scripting (XSS)

>=4.6.0, <4.6.3
  • H
Denial of Service (DoS)

>=4.6.0, <4.6.5
  • M
Cryptographic Issues

>=4.0.0, <4.0.10.18 >=4.4.0, <4.4.15.9 >=4.6.0, <4.6.5
  • M
Authentication Bypass

>=4.0.0, <4.0.10.17 >=4.4.0, <4.4.15.8 >=4.6.0, <4.6.4
  • M
Cross-site Request Forgery (CSRF)

>=4.0.0, <4.0.10.18 >=4.4.0, <4.4.15.9 >=4.6.0, <4.6.5
  • M
Cross-site Scripting (XSS)

>=4.0, <4.0.10.13
  • H
SQL Injection

<5.0.2
  • C
Arbitrary Code Execution

>=4.0.0, <4.0.10.16 >=4.1.0, <4.4.15.7 >=4.5.0, <4.6.3
  • M
Information Exposure

<5.1.3
  • H
Cross-site Scripting (XSS)

>=5.1.0, <5.1.2
  • M
Access Restriction Bypass

>=4.9.0, <4.9.8 >=5.1.0, <5.1.2
  • M
CSV Injection

<5.0.3
  • H
Cross-site Scripting (XSS)

>=4.9.0, <4.9.6 >=5.0.0, <5.0.3
  • H
SQL Injection

>=4.9.0, <4.9.6 >=5.0.0, <5.0.3
  • H
Improper Authorization

>=4.0.0, <4.0.10.19 >=4.4.0, <4.4.15.10 >=4.6.0, <4.6.6
  • H
Denial of Service (DoS)

>=4.0.0, <4.0.10.19 >=4.4.0, <4.4.15.10 >=4.6.0, <4.6.6
  • H
Denial of Service (DoS)

>=4.0.0, <4.0.10.19 >=4.4.0, <4.4.15.10 >=4.6.0, <4.6.6
  • M
Open Redirect

>=4.0.0, <4.0.10.19 >=4.4.0, <4.4.15.10 >=4.6.0, <4.6.6
  • M
HTML Injection

>=4.0.0, <4.0.10.19 >=4.4.0, <4.4.15.10 >=4.6.0, <4.6.6
  • H
HTTP Header Injection

>=4.6.0, <4.6.6
  • H
CRLF Injection

>=0.0.0
  • M
SQL Injection

>=4.0.0, <4.9.5 >=5.0.0, <5.0.2
  • M
SQL Injection

>=4.0.0, <4.9.5 >=5.0.0, <5.0.2
  • M
SQL Injection

>=4.0.0, <4.9.5 >=5.0.0, <5.0.2
  • H
SQL Injection

>=4.0.0, <4.9.4 >=5.0.0, <5.0.1
  • M
Information Exposure

<4.9.2
  • H
SQL Injection

<4.9.2
  • M
Cross-site Request Forgery (CSRF)

<4.9.0.1
  • H
Cross-site Request Forgery (CSRF)

<4.9.0
  • C
SQL Injection

<4.8.6
  • H
SQL Injection

>=4.5.0, <4.8.5
  • C
Arbitrary File Read

>=4.0.0, <4.8.5
  • M
Cross-site Scripting (XSS)

<4.8.4
  • M
Cross-site Request Forgery (CSRF)

>=4.7.0, <4.8.4
  • H
Information Exposure

>=4.0.0, <4.8.4
  • M
Cross-site Scripting (XSS)

<4.8.3
  • C
Deserialization of Untrusted Data

<4.0.10.17 >=4.4.0.0, <4.4.15.8 >=4.6.0, <4.6.4
  • M
Cross-site Scripting (XSS)

<4.8.2
  • H
Arbitrary Code Execution

>=4.8.0, <4.8.2
  • C
Access Restriction Bypass

<4.0.10.20 >=4.4.0, <4.7.0
  • H
Cross-site Request Forgery (CSRF)

<4.8.0.1
  • M
Cross-site Scripting (XSS)

<4.7.8
  • H
Cross-site Request Forgery (CSRF)

<4.7.7
  • M
Man-in-the-Middle (MitM)

<4.5.5.1