phpmyadmin/phpmyadmin vulnerabilities

Known vulnerabilities in the phpmyadmin/phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Information Exposure Through an Error Message	>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4
M Session Fixation	>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5
M Improper Input Validation	>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5
M Cross-site Scripting (XSS)	>=4.0.0, <4.0.10.16>=4.4.0, <4.4.15.7>=4.6.0, <4.6.3
M Improper Input Validation	>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4
M Information Exposure	>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4
M Resource Exhaustion	>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4
H Uncontrolled Resource Consumption ('Resource Exhaustion')	>=4.0.0, <4.0.10.16>=4.4.0, <4.4.15.7>=4.6.0, <4.6.3
H Observable Timing Discrepancy	>=4.0, <4.0.10.13>=4.4, <4.4.15.3>=4.5, <4.5.4
H Command Injection	>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4
H URL Redirection to Untrusted Site ('Open Redirect')	>=4.0, <4.0.10.18>=4.4, <4.4.15.9>=4.6, <4.6.5
H Improper Control of Generation of Code ('Code Injection')	>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4
M Authentication Bypass by Spoofing	>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4
M Cross-site Scripting (XSS)	>=4.6, <4.6.4
M Information Exposure	>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4
M Uncontrolled Resource Consumption ('Resource Exhaustion')	>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4
M Information Exposure	>=4.0, <4.0.10.16>=4.4, <4.4.15.7>=4.6, <4.6.3
M Cross-site Scripting (XSS)	>=4.0, <4.0.4.2
M Variable Extraction Error	<4.0.4.1
M Cross-site Scripting (XSS)	>=4.2.0, <4.2.9.1>=4.1.0, <4.1.14.5>=4.0.0, <4.0.10.4
M Cross-site Scripting (XSS)	<4.0.10.1>=4.1.0, <4.1.14.2>=4.2.0, <4.2.6
M Cross-site Scripting (XSS)	>=4.0.0, <4.0.10.3>=4.1.0, <4.1.14.4>=4.2.0, <4.2.8.1
M Cross-site Scripting (XSS)	>=4.0.0, <4.0.10.5>=4.1.0, <4.1.14.6>=4.2.0, <4.2.10.1
M Denial of Service (DoS)	>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4
H Cryptographic Issues	>=4.0, <4.0.10.13>=4.4, <4.4.15.3>=4.5, <4.5.4
M Denial of Service (DoS)	>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4
L Reliance on Cookies without Validation and Integrity Checking	>=4.6, <4.6.3
M Cross-site Scripting (XSS)	>=4.6, <4.6.3
M Information Exposure	>=4.4, <4.4.15.9>=4.6, <4.6.5
M Cross-site Scripting (XSS)	>=4.0, <4.0.10.18>=4.4, <4.4.15.9>=4.6, <4.6.5
M Cross-site Scripting (XSS)	>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5
M Cross-site Scripting (XSS)	>=4.6.0, <4.6.3
H Denial of Service (DoS)	>=4.6.0, <4.6.5
M Cryptographic Issues	>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5
M Authentication Bypass	>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4
M Cross-site Request Forgery (CSRF)	>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5
M Cross-site Scripting (XSS)	>=4.0, <4.0.10.13
H SQL Injection	<5.0.2
C Arbitrary Code Execution	>=4.0.0, <4.0.10.16>=4.1.0, <4.4.15.7>=4.5.0, <4.6.3
M Information Exposure	<5.1.3
H Cross-site Scripting (XSS)	>=5.1.0, <5.1.2
M Access Restriction Bypass	>=4.9.0, <4.9.8>=5.1.0, <5.1.2
M CSV Injection	<5.0.3
H Cross-site Scripting (XSS)	>=4.9.0, <4.9.6>=5.0.0, <5.0.3
H SQL Injection	>=4.9.0, <4.9.6>=5.0.0, <5.0.3
H Improper Authorization	>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6
H Denial of Service (DoS)	>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6
H Denial of Service (DoS)	>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6
M Open Redirect	>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6
M HTML Injection	>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6
H HTTP Header Injection	>=4.6.0, <4.6.6
H CRLF Injection	>=0.0.0
M SQL Injection	>=4.0.0, <4.9.5>=5.0.0, <5.0.2
M SQL Injection	>=4.0.0, <4.9.5>=5.0.0, <5.0.2
M SQL Injection	>=4.0.0, <4.9.5>=5.0.0, <5.0.2
H SQL Injection	>=4.0.0, <4.9.4>=5.0.0, <5.0.1
M Information Exposure	<4.9.2
H SQL Injection	<4.9.2
M Cross-site Request Forgery (CSRF)	<4.9.0.1
H Cross-site Request Forgery (CSRF)	<4.9.0
C SQL Injection	<4.8.6
C Arbitrary File Read	>=4.0.0, <4.8.5
H SQL Injection	>=4.5.0, <4.8.5
M Cross-site Scripting (XSS)	<4.8.4
M Cross-site Request Forgery (CSRF)	>=4.7.0, <4.8.4
H Information Exposure	>=4.0.0, <4.8.4
M Cross-site Scripting (XSS)	<4.8.3
C Deserialization of Untrusted Data	<4.0.10.17>=4.4.0.0, <4.4.15.8>=4.6.0, <4.6.4
M Cross-site Scripting (XSS)	<4.8.2
H Arbitrary Code Execution	>=4.8.0, <4.8.2
C Access Restriction Bypass	<4.0.10.20>=4.4.0, <4.7.0
H Cross-site Request Forgery (CSRF)	<4.8.0.1
M Cross-site Scripting (XSS)	<4.7.8
H Cross-site Request Forgery (CSRF)	<4.7.7
M Man-in-the-Middle (MitM)	<4.5.5.1

Vulnerability

Vulnerable Version

Information Exposure Through an Error Message

>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4

Session Fixation

>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5

Improper Input Validation

>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5

Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.16>=4.4.0, <4.4.15.7>=4.6.0, <4.6.3

Improper Input Validation

>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4

Information Exposure

>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4

Resource Exhaustion

>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4

Uncontrolled Resource Consumption ('Resource Exhaustion')

>=4.0.0, <4.0.10.16>=4.4.0, <4.4.15.7>=4.6.0, <4.6.3

Observable Timing Discrepancy

>=4.0, <4.0.10.13>=4.4, <4.4.15.3>=4.5, <4.5.4

Command Injection

>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4

URL Redirection to Untrusted Site ('Open Redirect')

>=4.0, <4.0.10.18>=4.4, <4.4.15.9>=4.6, <4.6.5

Improper Control of Generation of Code ('Code Injection')

>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4

Authentication Bypass by Spoofing

>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4

Cross-site Scripting (XSS)

>=4.6, <4.6.4

Information Exposure

>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4

Uncontrolled Resource Consumption ('Resource Exhaustion')

>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4

Information Exposure

>=4.0, <4.0.10.16>=4.4, <4.4.15.7>=4.6, <4.6.3

Cross-site Scripting (XSS)

>=4.0, <4.0.4.2

Variable Extraction Error

<4.0.4.1

Cross-site Scripting (XSS)

>=4.2.0, <4.2.9.1>=4.1.0, <4.1.14.5>=4.0.0, <4.0.10.4

Cross-site Scripting (XSS)

<4.0.10.1>=4.1.0, <4.1.14.2>=4.2.0, <4.2.6

Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.3>=4.1.0, <4.1.14.4>=4.2.0, <4.2.8.1

Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.5>=4.1.0, <4.1.14.6>=4.2.0, <4.2.10.1

Denial of Service (DoS)

>=4.0, <4.0.10.17>=4.4, <4.4.15.8>=4.6, <4.6.4

Cryptographic Issues

>=4.0, <4.0.10.13>=4.4, <4.4.15.3>=4.5, <4.5.4

Denial of Service (DoS)

>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4

Reliance on Cookies without Validation and Integrity Checking

>=4.6, <4.6.3

Cross-site Scripting (XSS)

>=4.6, <4.6.3

Information Exposure

>=4.4, <4.4.15.9>=4.6, <4.6.5

Cross-site Scripting (XSS)

>=4.0, <4.0.10.18>=4.4, <4.4.15.9>=4.6, <4.6.5

Cross-site Scripting (XSS)

>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5

Cross-site Scripting (XSS)

>=4.6.0, <4.6.3

Denial of Service (DoS)

>=4.6.0, <4.6.5

Cryptographic Issues

>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5

Authentication Bypass

>=4.0.0, <4.0.10.17>=4.4.0, <4.4.15.8>=4.6.0, <4.6.4

Cross-site Request Forgery (CSRF)

>=4.0.0, <4.0.10.18>=4.4.0, <4.4.15.9>=4.6.0, <4.6.5

Cross-site Scripting (XSS)

>=4.0, <4.0.10.13

SQL Injection

<5.0.2

Arbitrary Code Execution

>=4.0.0, <4.0.10.16>=4.1.0, <4.4.15.7>=4.5.0, <4.6.3

Information Exposure

<5.1.3

Cross-site Scripting (XSS)

>=5.1.0, <5.1.2

Access Restriction Bypass

>=4.9.0, <4.9.8>=5.1.0, <5.1.2

CSV Injection

<5.0.3

Cross-site Scripting (XSS)

>=4.9.0, <4.9.6>=5.0.0, <5.0.3

SQL Injection

>=4.9.0, <4.9.6>=5.0.0, <5.0.3

Improper Authorization

>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6

Denial of Service (DoS)

>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6

Denial of Service (DoS)

>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6

Open Redirect

>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6

HTML Injection

>=4.0.0, <4.0.10.19>=4.4.0, <4.4.15.10>=4.6.0, <4.6.6

HTTP Header Injection

>=4.6.0, <4.6.6

CRLF Injection

>=0.0.0

SQL Injection

>=4.0.0, <4.9.5>=5.0.0, <5.0.2

SQL Injection

>=4.0.0, <4.9.5>=5.0.0, <5.0.2

SQL Injection

>=4.0.0, <4.9.5>=5.0.0, <5.0.2

SQL Injection

>=4.0.0, <4.9.4>=5.0.0, <5.0.1

Information Exposure

<4.9.2

SQL Injection

<4.9.2

Cross-site Request Forgery (CSRF)

<4.9.0.1

Cross-site Request Forgery (CSRF)

<4.9.0

SQL Injection

<4.8.6

Arbitrary File Read

>=4.0.0, <4.8.5

SQL Injection

>=4.5.0, <4.8.5

Cross-site Scripting (XSS)

<4.8.4

Cross-site Request Forgery (CSRF)

>=4.7.0, <4.8.4

Information Exposure

>=4.0.0, <4.8.4

Cross-site Scripting (XSS)

<4.8.3

Deserialization of Untrusted Data

<4.0.10.17>=4.4.0.0, <4.4.15.8>=4.6.0, <4.6.4

Cross-site Scripting (XSS)

<4.8.2

Arbitrary Code Execution

>=4.8.0, <4.8.2

Access Restriction Bypass

<4.0.10.20>=4.4.0, <4.7.0

Cross-site Request Forgery (CSRF)

<4.8.0.1

Cross-site Scripting (XSS)

<4.7.8

Cross-site Request Forgery (CSRF)

<4.7.7

Man-in-the-Middle (MitM)

<4.5.5.1

phpmyadmin/phpmyadmin vulnerabilities

licenses detected

Direct Vulnerabilities

How to fix?