Homepage

phpmyadmin vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2025-24530

<4:5.2.2-really5.2.2+20250121+dfsg-1
  • L
CVE-2025-24529

<4:5.2.2-really5.2.2+20250121+dfsg-1
  • M
Cross-site Scripting (XSS)

<4:5.2.1+dfsg-1
  • C
SQL Injection

<4:5.0.4+dfsg1-1
  • L
Information Exposure

<4:5.1.3+dfsg1-1
  • L
Improper Authentication

<4:5.1.3+dfsg1-1
  • L
Cross-site Scripting (XSS)

<4:5.1.3+dfsg1-1
  • H
Resource Exhaustion

<4:5.0.4+dfsg2-2
  • C
SQL Injection

<4:4.9.7+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4:4.9.7+dfsg1-1
  • L
Arbitrary Code Injection

*
  • M
Cross-site Scripting (XSS)

<4:4.9.5+dfsg1-1
  • H
SQL Injection

<4:4.9.5+dfsg1-1
  • H
SQL Injection

<4:4.9.5+dfsg1-1
  • H
SQL Injection

<4:4.9.4+dfsg1-1
  • C
CVE-2019-19617

<4:4.9.2+dfsg1-1
  • C
SQL Injection

<4:4.9.2+dfsg1-1
  • M
Cross-site Request Forgery (CSRF)

<4:4.9.1+dfsg1-2
  • M
Cross-site Request Forgery (CSRF)

<4:4.9.1+dfsg1-2
  • C
SQL Injection

<4:4.9.1+dfsg1-2
  • M
CVE-2019-6799

<4:4.9.1+dfsg1-2
  • C
SQL Injection

<4:4.9.1+dfsg1-2
  • M
Information Exposure

<4:4.9.1+dfsg1-2
  • M
Cross-site Scripting (XSS)

<4:4.9.1+dfsg1-2
  • H
Cross-site Request Forgery (CSRF)

<4:4.9.1+dfsg1-2
  • L
Improper Input Validation

<4:4.6.6-1
  • L
Cross-site Scripting (XSS)

<4:4.9.1+dfsg1-2
  • C
CVE-2017-18264

<4:4.6.6-2
  • H
Cross-site Request Forgery (CSRF)

<4:4.9.1+dfsg1-2
  • M
Cross-site Scripting (XSS)

<4:4.9.1+dfsg1-2
  • L
Improper Input Validation

<4:4.6.6-1
  • L
Open Redirect

<4:4.6.6-1
  • L
Improper Input Validation

<4:4.6.6-1
  • L
Improper Input Validation

<4:4.6.6-1
  • L
Cross-site Scripting (XSS)

<4:4.6.6-1
  • L
Server-Side Request Forgery (SSRF)

<4:4.6.6-1
  • H
Server-Side Request Forgery (SSRF)

<4:4.6.6-1
  • L
Security Features

<4:4.6.5.1-1
  • L
Cross-site Request Forgery (CSRF)

<4:4.6.5.1-1
  • H
Arbitrary Code Injection

<4:4.6.5.1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • H
SQL Injection

<4:4.6.5.1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • C
Security Features

<4:4.6.5.1-1
  • C
Access Restriction Bypass

<4:4.6.5.1-1
  • M
Directory Traversal

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • L
Cryptographic Issues

<4:4.6.5.1-1
  • H
OS Command Injection

<4:4.6.4+dfsg1-1
  • M
CVE-2016-6618

<4:4.6.4+dfsg1-1
  • M
Information Exposure

<4:4.6.4+dfsg1-1
  • M
Resource Management Errors

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • M
Cross-site Scripting (XSS)

<4:4.6.4+dfsg1-1
  • H
Cryptographic Issues

<4:4.6.4+dfsg1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • C
Security Features

<4:4.6.4+dfsg1-1
  • H
Arbitrary Command Injection

<4:4.6.4+dfsg1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • L
CVE-2016-6633

<4:4.6.4+dfsg1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • M
Information Exposure

<4:4.6.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4:4.6.4+dfsg1-1
  • M
Security Features

<4:4.6.4+dfsg1-1
  • M
Improper Input Validation

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • M
Security Features

<4:4.6.4+dfsg1-1
  • L
Cross-site Scripting (XSS)

<4:4.6.5.1-1
  • M
Information Exposure

<4:4.6.4+dfsg1-1
  • L
Cross-site Scripting (XSS)

<4:4.6.5.1-1
  • M
Security Features

<4:4.1.7-1
  • L
Security Features

<4:4.6.5.1-1
  • L
Information Exposure

<4:4.6.4+dfsg1-1
  • M
Security Features

<4:4.6.4+dfsg1-1
  • C
Deserialization of Untrusted Data

<4:4.6.4+dfsg1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • L
Security Features

<4:4.6.5.1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4:4.6.4+dfsg1-1
  • M
Resource Management Errors

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • M
Improper Input Validation

<4:4.6.4+dfsg1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.2-1
  • L
Cross-site Scripting (XSS)

<4:4.6.2-1
  • M
Arbitrary Code Injection

<4:4.6.3-1
  • C
SQL Injection

<4:4.6.3-1
  • H
Information Exposure

<4:4.6.3-1
  • L
Cross-site Scripting (XSS)

<4:4.6.3-1
  • C
Arbitrary Code Injection

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • L
Resource Management Errors

<4:4.6.3-1
  • L
Information Exposure

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • L
Security Features

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • L
Cross-site Scripting (XSS)

<4:4.5.5.1-1
  • L
Improper Input Validation

<4:4.5.5.1-1
  • M
Cross-site Scripting (XSS)

<4:4.5.5.1-1
  • L
Cross-site Scripting (XSS)

<4:4.5.5.1-1
  • M
Cross-site Scripting (XSS)

<4:4.5.4-1
  • L
Cross-site Scripting (XSS)

<4:4.5.4-1
  • L
Information Exposure

<4:4.5.4-1
  • M
Information Exposure

<4:4.5.4-1
  • L
Information Exposure

<4:4.5.4-1
  • M
Information Exposure

<4:4.5.4-1
  • M
Cross-site Scripting (XSS)

<4:4.5.4-1
  • H
Security Features

<4:4.5.4-1
  • H
Credentials Management

<4:4.5.4-1
  • L
Information Exposure

<4:4.5.3.1-1
  • L
Security Features

<4:4.5.1-1
  • L
Information Exposure

<4:4.4.14.1-1
  • L
Cryptographic Issues

<4:4.4.6.1-1
  • L
Cross-site Request Forgery (CSRF)

<4:4.4.6.1-1
  • L
Information Exposure

<4:4.4.4-1
  • L
Cross-site Scripting (XSS)

<4:3.4.5-1
  • L
Cross-site Scripting (XSS)

<4:3.4.5-1
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2
  • L
Resource Management Errors

<4:4.2.12-2
  • M
Directory Traversal

<4:4.2.12-1
  • M
Directory Traversal

<4:4.2.12-1
  • L
Cross-site Scripting (XSS)

<4:4.2.12-1
  • L
Cross-site Scripting (XSS)

<4:4.2.12-1
  • M
Cross-site Scripting (XSS)

<4:4.2.8.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.10.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.9.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.7.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.7.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Access Restriction Bypass

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.5-1
  • L
Cross-site Scripting (XSS)

<4:4.2.5-1
  • L
Cross-site Scripting (XSS)

<4:4.1.7-1
  • M
Improper Input Validation

<4:4.0.5-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Information Exposure

<4:4.0.4.2-1
  • L
Information Exposure

<4:4.0.4.2-1
  • L
Information Exposure

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
SQL Injection

<4:4.0.4.2-1
  • M
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
Access Restriction Bypass

<4:4.0.4.1-1
  • L
Cross-site Scripting (XSS)

<4:4.0.1-3
  • M
Arbitrary Code Injection

<4:3.4.11.1-2
  • L
Cross-site Scripting (XSS)

<4:3.4.11.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.11.1-1
  • L
Information Exposure

<4:4.0.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.10.1-1
  • L
Information Exposure

<4:3.4.10.2-1
  • M
Improper Input Validation

<4:3.4.1-1
  • M
Cross-site Scripting (XSS)

<4:3.4.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.8-1
  • L
Cross-site Scripting (XSS)

<4:3.4.9-1
  • L
Cross-site Scripting (XSS)

<4:3.4.9-1
  • M
Information Exposure

<4:3.4.7.1-1
  • L
Improper Input Validation

<4:3.4.6-1
  • L
Cross-site Scripting (XSS)

<4:3.4.6-1
  • M
Cross-site Scripting (XSS)

<4:3.4.4-1
  • L
Improper Input Validation

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.2-1
  • L
Cross-site Scripting (XSS)

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.1-1
  • L
Arbitrary Code Injection

<4:3.4.3.1-1
  • L
Arbitrary Code Injection

<4:3.4.3.1-1
  • M
Arbitrary Code Injection

<4:3.4.3.1-1
  • L
Improper Input Validation

<4:3.3.9.2-1
  • M
Improper Input Validation

<4:3.3.9.2-1
  • M
Improper Authentication

<4:3.3.7-3
  • M
Cross-site Scripting (XSS)

<4:3.3.7-3
  • M
Cross-site Scripting (XSS)

<4:3.3.7-2
  • L
Cross-site Scripting (XSS)

<4:3.3.7-1
  • M
Cross-site Scripting (XSS)

<4:3.3.6-1
  • H
Access Restriction Bypass

<4:3.0.0
  • M
Cross-site Scripting (XSS)

<4:3.3.5.1-1
  • C
Cryptographic Issues

<4:3.0.0-1
  • C
Access Restriction Bypass

<4:3.0.0-1
  • M
CVE-2009-4605

<4:3.2.4-1
  • M
Cross-site Scripting (XSS)

<4:3.2.2.1-1
  • H
SQL Injection

<4:3.2.2.1-1
  • M
Cross-site Scripting (XSS)

<4:3.2.0.1-1
  • L
Arbitrary Code Injection

<4:3.1.3.2-1
  • M
Cross-site Scripting (XSS)

<4:3.1.3.1-1
  • M
Directory Traversal

<4:3.1.3.1-1
  • H
Improper Input Validation

<4:3.1.3.1-1
  • C
Arbitrary Code Injection

<4:3.1.3.1-1
  • M
Cross-site Request Forgery (CSRF)

<4:2.11.8.1-5
  • L
Cross-site Scripting (XSS)

<4:2.11.8.1-4
  • M
Cross-site Scripting (XSS)

<4:2.11.8.1-3
  • M
Improper Input Validation

<4:2.11.8.1-2
  • L
Cross-site Scripting (XSS)

<4:2.11.8~rc1-1
  • L
Link Following

<4:2.11.8~rc1-1
  • L
Cross-site Request Forgery (CSRF)

<4:2.11.7.1-1
  • L
Cross-site Scripting (XSS)

<4:2.11.7~rc2-1
  • L
Information Exposure

<4:2.11.5.2-1
  • M
Information Exposure

<2.11.5.1
  • L
Cross-site Request Forgery (CSRF)

<4:2.11.5-1
  • L
Cross-site Scripting (XSS)

<4:2.11.2.2-1
  • L
Cross-site Scripting (XSS)

<4:2.11.2.1-1
  • L
SQL Injection

<4:2.11.2.1-1
  • M
Cross-site Scripting (XSS)

<4:2.11.1.2-1
  • M
Cross-site Scripting (XSS)

<4:2.11.1.2-1
  • L
CVE-2007-4306

*
  • L
CVE-2007-2245

<4:2.10.1-1
  • L
CVE-2007-2016

<4:2.6.2-3
  • M
CVE-2007-1395

<4:2.10.0.2-1
  • M
CVE-2007-1325

<4:2.10.0.2-1
  • L
Improper Input Validation

<4:2.9.1.1-2
  • M
Cross-site Scripting (XSS)

<4:2.9.1.1-2
  • M
CVE-2006-6944

<4:2.9.1.1-2
  • M
CVE-2007-0341

<4:2.9.1.1-2
  • L
CVE-2007-0204

<4:2.9.1.1-2
  • L
CVE-2007-0203

<4:2.9.1.1-2
  • L
CVE-2007-0095

<4:2.9.1.1-1
  • L
CVE-2006-6373

<4:2.9.1.1-1
  • L
CVE-2006-5718

<4:2.9.0.3-1
  • L
CVE-2006-5117

<4:2.9.0.2-0.1
  • L
CVE-2006-5116

<4:2.9.0.2-0.1
  • L
CVE-2006-3388

<4:2.8.2-0.1
  • M
CVE-2006-2418

<4:2.8.1-1
  • M
Cross-site Scripting (XSS)

<4:2.8.1-1
  • L
CVE-2006-2031

<4:2.8.1-1
  • L
CVE-2006-1804

<4:2.8.1-1
  • L
CVE-2006-1803

<4:2.8.1-1
  • M
CVE-2006-1678

<4:2.8.0.3-1
  • M
CVE-2006-1258

<4:2.8.0.2-2
  • L
SQL Injection

<4:3.2.0-1
  • M
CVE-2005-3665

<4:2.6.4-pl4-2
  • M
CVE-2005-3787

<4:2.6.4-pl4-1
  • M
CVE-2005-3621

<4:2.6.4-pl4-1
  • L
CVE-2005-3622

*
  • M
CVE-2005-3301

<4:2.6.4-pl3-1
  • H
CVE-2005-3300

<4:2.6.4-pl3-1
  • H
CVE-2005-3299

<4:2.6.4-pl2-1
  • M
CVE-2005-2869

<4:2.6.4-pl1-1
  • M
CVE-2005-0544

<3:2.6.1-pl2-1
  • M
CVE-2005-0653

<3:2.6.1-pl3-1
  • L
CVE-2005-0459

<4:2.6.2
  • H
CVE-2005-0567

<3:2.6.1-pl2-1
  • M
CVE-2005-0992

<3:2.6.2-rc1-1
  • M
CVE-2004-1055

<2:2.6.0-pl3-1
  • M
Cross-site Scripting (XSS)

<3:2.6.1-pl2-1
  • M
CVE-2004-1148

<2:2.6.1-rc1-1
  • C
CVE-2004-1147

<2:2.6.1-rc1-1
  • H
CVE-2004-2632

<1:2.5.7-pl1-1
  • H
CVE-2004-2631

<1:2.5.7-pl1-1
  • H
CVE-2004-2630

<2:2.6.0-pl2-1
  • M
CVE-2004-0129

<2:2.6.0-pl2