phpmyadmin vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u9
  • H
SQL Injection

<4:4.2.12-2+deb8u9
  • H
SQL Injection

<4:4.2.12-2+deb8u8
  • C
CVE-2019-19617

<4:4.2.12-2+deb8u7
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

<4:4.2.12-2+deb8u6
  • M
CVE-2019-6799

<4:4.2.12-2+deb8u5
  • M
Information Exposure

<4:4.2.12-2+deb8u4
  • H
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u4
  • C
Improper Input Validation

*
  • C
CVE-2017-18264

<4:4.2.12-2+deb8u3
  • M
Cross-site Scripting (XSS)

*
  • H
Improper Input Validation

*
  • H
Improper Input Validation

*
  • M
Open Redirect

*
  • H
Improper Input Validation

*
  • H
Server-Side Request Forgery (SSRF)

*
  • H
Server-Side Request Forgery (SSRF)

<4:4.2.12-2+deb8u3
  • C
Security Features

<4:4.2.12-2+deb8u3
  • C
Cross-site Request Forgery (CSRF)

*
  • M
Improper Input Validation

*
  • H
Security Features

<4:4.2.12-2+deb8u6
  • H
SQL Injection

<4:4.2.12-2+deb8u6
  • H
CVE-2016-6633

*
  • M
Security Features

<4:4.2.12-2+deb8u6
  • M
Information Exposure

<4:4.2.12-2+deb8u6
  • C
Deserialization of Untrusted Data

<4:4.2.12-2+deb8u3
  • M
Resource Management Errors

<4:4.2.12-2+deb8u3
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u3
  • M
Security Features

<4:4.2.12-2+deb8u6
  • C
Security Features

*
  • M
CVE-2016-6618

<4:4.2.12-2+deb8u3
  • H
OS Command Injection

<4:4.2.12-2+deb8u6
  • M
Improper Input Validation

<4:4.2.12-2+deb8u6
  • M
Security Features

<4:4.2.12-2+deb8u6
  • M
Information Exposure

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • M
Information Exposure

<4:4.2.12-2+deb8u6
  • H
Arbitrary Command Injection

<4:4.2.12-2+deb8u3
  • C
Access Restriction Bypass

<4:4.2.12-2+deb8u6
  • M
Improper Input Validation

*
  • M
Security Features

<4:4.2.12-2+deb8u6
  • H
SQL Injection

<4:4.2.12-2+deb8u3
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u6
  • M
Directory Traversal

<4:4.2.12-2+deb8u3
  • M
Improper Input Validation

*
  • M
Information Exposure

<4:4.2.12-2+deb8u6
  • M
Information Exposure

*
  • H
Cryptographic Issues

<4:4.2.12-2+deb8u6
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • M
Resource Management Errors

<4:4.2.12-2+deb8u6
  • H
SQL Injection

<4:4.2.12-2+deb8u6
  • H
SQL Injection

<4:4.2.12-2+deb8u3
  • M
Improper Input Validation

*
  • M
Security Features

<4:4.1.7-1
  • M
Information Exposure

*
  • M
Cryptographic Issues

*
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • M
Information Exposure

*
  • M
Arbitrary Code Injection

<4:4.2.12-2+deb8u2
  • L
Security Features

*
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • H
Information Exposure

<4:4.2.12-2+deb8u2
  • C
Arbitrary Code Injection

*
  • H
Resource Management Errors

<4:4.2.12-2+deb8u2
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • M
Information Exposure

<4:4.2.12-2+deb8u2
  • M
Information Exposure

*
  • H
Credentials Management

<4:4.2.12-2+deb8u2
  • M
Cross-site Scripting (XSS)

*
  • H
Security Features

<4:4.2.12-2+deb8u2
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u2
  • M
Information Exposure

*
  • M
Security Features

<4:4.2.12-2+deb8u1
  • M
Information Exposure

<4:4.2.12-2+deb8u1
  • M
Cross-site Request Forgery (CSRF)

<4:4.2.12-2+deb8u1
  • M
Cryptographic Issues

<4:4.2.12-2+deb8u1
  • M
Information Exposure

<4:4.2.12-2+deb8u1
  • L
Cross-site Scripting (XSS)

<4:3.4.5-1
  • L
Cross-site Scripting (XSS)

<4:3.4.5-1
  • M
Resource Management Errors

<4:4.2.12-2+deb8u1
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2
  • M
Directory Traversal

<4:4.2.12-1
  • L
Cross-site Scripting (XSS)

<4:4.2.12-1
  • M
Directory Traversal

<4:4.2.12-1
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2+deb8u1
  • M
Cross-site Scripting (XSS)

<4:4.2.8.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.10.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.9.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.7.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.7.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • M
Access Restriction Bypass

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.5-1
  • L
Cross-site Scripting (XSS)

<4:4.2.5-1
  • L
Cross-site Scripting (XSS)

<4:4.1.7-1
  • M
Improper Input Validation

<4:4.0.5-1
  • M
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
SQL Injection

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
Information Exposure

<4:4.0.4.2-1
  • M
Information Exposure

<4:4.0.4.2-1
  • M
Information Exposure

<4:4.0.4.2-1
  • M
Access Restriction Bypass

<4:4.0.4.1-1
  • L
Cross-site Scripting (XSS)

<4:4.0.1-3
  • M
Arbitrary Code Injection

<4:3.4.11.1-2
  • L
Cross-site Scripting (XSS)

<4:3.4.11.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.11.1-1
  • M
Information Exposure

<4:4.0.1-1
  • M
Cross-site Scripting (XSS)

<4:3.4.10.1-1
  • M
Information Exposure

<4:3.4.10.2-1
  • M
Improper Input Validation

<4:3.4.1-1
  • M
Cross-site Scripting (XSS)

<4:3.4.1-1
  • M
Cross-site Scripting (XSS)

<4:3.4.9-1
  • M
Cross-site Scripting (XSS)

<4:3.4.9-1
  • M
Cross-site Scripting (XSS)

<4:3.4.8-1
  • M
Information Exposure

<4:3.4.7.1-1
  • M
Improper Input Validation

<4:3.4.6-1
  • M
Cross-site Scripting (XSS)

<4:3.4.6-1
  • M
Cross-site Scripting (XSS)

<4:3.4.4-1
  • M
Improper Input Validation

<4:3.4.3.2-1
  • L
Cross-site Scripting (XSS)

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.1-1
  • M
Arbitrary Code Injection

<4:3.4.3.1-1
  • M
Arbitrary Code Injection

<4:3.4.3.1-1
  • H
Arbitrary Code Injection

<4:3.4.3.1-1
  • M
Improper Input Validation

<4:3.3.9.2-1
  • M
Improper Input Validation

<4:3.3.9.2-1
  • M
Improper Authentication

<4:3.3.7-3
  • M
Cross-site Scripting (XSS)

<4:3.3.7-3
  • M
Cross-site Scripting (XSS)

<4:3.3.7-2
  • M
Cross-site Scripting (XSS)

<4:3.3.7-1
  • M
Cross-site Scripting (XSS)

<4:3.3.6-1
  • H
Access Restriction Bypass

<4:3.0.0
  • M
Cross-site Scripting (XSS)

<4:3.3.5.1-1
  • C
Access Restriction Bypass

<4:3.0.0-1
  • M
CVE-2009-4605

<4:3.2.4-1
  • C
Cryptographic Issues

<4:3.0.0-1
  • H
SQL Injection

<4:3.2.2.1-1
  • M
Cross-site Scripting (XSS)

<4:3.2.2.1-1
  • M
Cross-site Scripting (XSS)

<4:3.2.0.1-1
  • H
Arbitrary Code Injection

<4:3.1.3.2-1
  • C
Arbitrary Code Injection

<4:3.1.3.1-1
  • H
Improper Input Validation

<4:3.1.3.1-1
  • M
Directory Traversal

<4:3.1.3.1-1
  • M
Cross-site Scripting (XSS)

<4:3.1.3.1-1
  • M
Cross-site Request Forgery (CSRF)

<4:2.11.8.1-5
  • L
Cross-site Scripting (XSS)

<4:2.11.8.1-4
  • M
Cross-site Scripting (XSS)

<4:2.11.8.1-3
  • H
Improper Input Validation

<4:2.11.8.1-2
  • L
Cross-site Scripting (XSS)

<4:2.11.8~rc1-1
  • M
Link Following

<4:2.11.8~rc1-1
  • L
Cross-site Request Forgery (CSRF)

<4:2.11.7.1-1
  • L
Cross-site Scripting (XSS)

<4:2.11.7~rc2-1
  • L
Information Exposure

<4:2.11.5.2-1
  • M
Information Exposure

<2.11.5.1
  • M
Cross-site Request Forgery (CSRF)

<4:2.11.5-1
  • L
Cross-site Scripting (XSS)

<4:2.11.2.2-1
  • M
SQL Injection

<4:2.11.2.1-1
  • L
Cross-site Scripting (XSS)

<4:2.11.2.1-1
  • M
Cross-site Scripting (XSS)

<4:2.11.1.2-1
  • M
Cross-site Scripting (XSS)

<4:2.11.1.2-1
  • M
CVE-2007-4306

*
  • M
CVE-2007-2245

<4:2.10.1-1
  • M
CVE-2007-2016

<4:2.6.2-3
  • M
CVE-2007-1395

<4:2.10.0.2-1
  • M
CVE-2007-1325

<4:2.10.0.2-1
  • M
Cross-site Scripting (XSS)

<4:2.9.1.1-2
  • M
Improper Input Validation

<4:2.9.1.1-2
  • H
CVE-2006-6944

<4:2.9.1.1-2
  • M
CVE-2007-0341

<4:2.9.1.1-2
  • C
CVE-2007-0203

<4:2.9.1.1-2
  • M
CVE-2007-0204

<4:2.9.1.1-2
  • M
CVE-2007-0095

<4:2.9.1.1-1
  • M
CVE-2006-6373

<4:2.9.1.1-1
  • M
CVE-2006-5718

<4:2.9.0.3-1
  • M
CVE-2006-5116

<4:2.9.0.2-0.1
  • M
CVE-2006-5117

<4:2.9.0.2-0.1
  • M
CVE-2006-3388

<4:2.8.2-0.1
  • M
Cross-site Scripting (XSS)

<4:2.8.1-1
  • M
CVE-2006-2418

<4:2.8.1-1
  • L
CVE-2006-2031

<4:2.8.1-1
  • M
CVE-2006-1803

<4:2.8.1-1
  • H
CVE-2006-1804

<4:2.8.1-1
  • M
CVE-2006-1678

<4:2.8.0.3-1
  • M
CVE-2006-1258

<4:2.8.0.2-2
  • M
SQL Injection

<4:3.2.0-1
  • M
CVE-2005-3665

<4:2.6.4-pl4-2
  • M
CVE-2005-3787

<4:2.6.4-pl4-1
  • M
CVE-2005-3621

<4:2.6.4-pl4-1
  • M
CVE-2005-3622

*
  • M
CVE-2005-3301

<4:2.6.4-pl3-1
  • M
CVE-2005-3300

<4:2.6.4-pl3-1
  • M
CVE-2005-3299

<4:2.6.4-pl2-1
  • M
CVE-2005-2869

<4:2.6.4-pl1-1
  • M
CVE-2005-0544

<3:2.6.1-pl2-1
  • H
CVE-2005-0567

<3:2.6.1-pl2-1
  • M
CVE-2005-0992

<3:2.6.2-rc1-1
  • M
CVE-2005-0459

<4:2.6.2
  • M
CVE-2005-0653

<3:2.6.1-pl3-1
  • M
CVE-2004-1055

<2:2.6.0-pl3-1
  • M
Cross-site Scripting (XSS)

<3:2.6.1-pl2-1
  • C
CVE-2004-1147

<2:2.6.1-rc1-1
  • M
CVE-2004-1148

<2:2.6.1-rc1-1
  • H
CVE-2004-2632

<1:2.5.7-pl1-1
  • H
CVE-2004-2631

<1:2.5.7-pl1-1
  • H
CVE-2004-2630

<2:2.6.0-pl2-1
  • M
CVE-2004-0129

<2:2.6.0-pl2