phpmyadmin vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u9
H SQL Injection	<4:4.2.12-2+deb8u9
H SQL Injection	<4:4.2.12-2+deb8u8
C CVE-2019-19617	<4:4.2.12-2+deb8u7
M Cross-site Request Forgery (CSRF)	*
M Cross-site Request Forgery (CSRF)	<4:4.2.12-2+deb8u6
M CVE-2019-6799	<4:4.2.12-2+deb8u5
H Cross-site Request Forgery (CSRF)	*
M Information Exposure	<4:4.2.12-2+deb8u4
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u4
C Improper Input Validation	*
C CVE-2017-18264	<4:4.2.12-2+deb8u3
H Improper Input Validation	*
M Cross-site Scripting (XSS)	*
M Open Redirect	*
H Improper Input Validation	*
H Improper Input Validation	*
H Server-Side Request Forgery (SSRF)	*
H Server-Side Request Forgery (SSRF)	<4:4.2.12-2+deb8u3
H SQL Injection	<4:4.2.12-2+deb8u6
H Security Features	<4:4.2.12-2+deb8u6
C Cross-site Request Forgery (CSRF)	*
C Security Features	<4:4.2.12-2+deb8u3
M Improper Input Validation	*
M Information Exposure	*
C Security Features	*
M Information Exposure	*
M Security Features	<4:4.2.12-2+deb8u6
M Improper Input Validation	*
H OS Command Injection	<4:4.2.12-2+deb8u6
M Improper Input Validation	<4:4.2.12-2+deb8u6
H Arbitrary Command Injection	<4:4.2.12-2+deb8u3
M Cryptographic Issues	*
M Security Features	<4:4.2.12-2+deb8u6
M Information Exposure	<4:4.2.12-2+deb8u6
M CVE-2016-6618	<4:4.2.12-2+deb8u3
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u6
M Directory Traversal	<4:4.2.12-2+deb8u3
H SQL Injection	<4:4.2.12-2+deb8u6
H CVE-2016-6633	*
H SQL Injection	<4:4.2.12-2+deb8u3
M Security Features	<4:4.1.7-1
M Resource Management Errors	<4:4.2.12-2+deb8u3
M Security Features	<4:4.2.12-2+deb8u6
M Information Exposure	*
H SQL Injection	<4:4.2.12-2+deb8u3
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u3
M Improper Input Validation	*
M Information Exposure	<4:4.2.12-2+deb8u6
M Information Exposure	*
H Cryptographic Issues	<4:4.2.12-2+deb8u6
M Resource Management Errors	<4:4.2.12-2+deb8u6
C Deserialization of Untrusted Data	<4:4.2.12-2+deb8u3
M Improper Input Validation	*
M Information Exposure	*
M Security Features	<4:4.2.12-2+deb8u6
M Information Exposure	*
M Information Exposure	<4:4.2.12-2+deb8u6
M Cross-site Scripting (XSS)	*
C Access Restriction Bypass	<4:4.2.12-2+deb8u6
M Information Exposure	*
M Information Exposure	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
H Resource Management Errors	<4:4.2.12-2+deb8u2
H Information Exposure	<4:4.2.12-2+deb8u2
M Arbitrary Code Injection	<4:4.2.12-2+deb8u2
M Information Exposure	*
C Arbitrary Code Injection	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
L Security Features	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Information Exposure	*
H Security Features	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
H Credentials Management	<4:4.2.12-2+deb8u2
M Information Exposure	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	*
M Information Exposure	*
M Information Exposure	*
M Security Features	<4:4.2.12-2+deb8u1
M Information Exposure	<4:4.2.12-2+deb8u1
M Cross-site Request Forgery (CSRF)	<4:4.2.12-2+deb8u1
M Cryptographic Issues	<4:4.2.12-2+deb8u1
M Information Exposure	<4:4.2.12-2+deb8u1
L Cross-site Scripting (XSS)	<4:3.4.5-1
L Cross-site Scripting (XSS)	<4:3.4.5-1
M Resource Management Errors	<4:4.2.12-2+deb8u1
M Cross-site Scripting (XSS)	<4:4.2.12-2
L Cross-site Scripting (XSS)	<4:4.2.12-1
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u1
M Directory Traversal	<4:4.2.12-1
M Directory Traversal	<4:4.2.12-1
M Cross-site Scripting (XSS)	<4:4.2.8.1-1
L Cross-site Scripting (XSS)	<4:4.2.10.1-1
L Cross-site Scripting (XSS)	<4:4.2.9.1-1
L Cross-site Scripting (XSS)	<4:4.2.7.1-1
L Cross-site Scripting (XSS)	<4:4.2.7.1-1
M Access Restriction Bypass	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.5-1
L Cross-site Scripting (XSS)	<4:4.2.5-1
L Cross-site Scripting (XSS)	<4:4.1.7-1
M Improper Input Validation	<4:4.0.5-1
M Cross-site Scripting (XSS)	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.4.2-1
M Information Exposure	<4:4.0.4.2-1
M SQL Injection	<4:4.0.4.2-1
M Information Exposure	<4:4.0.4.2-1
M Cross-site Scripting (XSS)	<4:4.0.4.2-1
M Information Exposure	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.1-3
M Access Restriction Bypass	<4:4.0.4.1-1
M Arbitrary Code Injection	<4:3.4.11.1-2
L Cross-site Scripting (XSS)	<4:3.4.11.1-1
L Cross-site Scripting (XSS)	<4:3.4.11.1-1
M Information Exposure	<4:4.0.1-1
M Cross-site Scripting (XSS)	<4:3.4.10.1-1
M Information Exposure	<4:3.4.10.2-1
M Improper Input Validation	<4:3.4.1-1
M Cross-site Scripting (XSS)	<4:3.4.1-1
M Cross-site Scripting (XSS)	<4:3.4.9-1
M Cross-site Scripting (XSS)	<4:3.4.9-1
M Cross-site Scripting (XSS)	<4:3.4.8-1
M Improper Input Validation	<4:3.4.6-1
M Information Exposure	<4:3.4.7.1-1
M Cross-site Scripting (XSS)	<4:3.4.6-1
M Cross-site Scripting (XSS)	<4:3.4.4-1
L Cross-site Scripting (XSS)	<4:3.4.3.2-1
M Directory Traversal	<4:3.4.3.2-1
M Improper Input Validation	<4:3.4.3.2-1
M Directory Traversal	<4:3.4.3.2-1
M Directory Traversal	<4:3.4.3.1-1
M Arbitrary Code Injection	<4:3.4.3.1-1
M Arbitrary Code Injection	<4:3.4.3.1-1
H Arbitrary Code Injection	<4:3.4.3.1-1
M Improper Input Validation	<4:3.3.9.2-1
M Improper Input Validation	<4:3.3.9.2-1
M Improper Authentication	<4:3.3.7-3
M Cross-site Scripting (XSS)	<4:3.3.7-3
M Cross-site Scripting (XSS)	<4:3.3.7-2
M Cross-site Scripting (XSS)	<4:3.3.7-1
M Cross-site Scripting (XSS)	<4:3.3.6-1
M Cross-site Scripting (XSS)	<4:3.3.5.1-1
H Access Restriction Bypass	<4:3.0.0
C Cryptographic Issues	<4:3.0.0-1
M CVE-2009-4605	<4:3.2.4-1
C Access Restriction Bypass	<4:3.0.0-1
H SQL Injection	<4:3.2.2.1-1
M Cross-site Scripting (XSS)	<4:3.2.2.1-1
M Cross-site Scripting (XSS)	<4:3.2.0.1-1
H Arbitrary Code Injection	<4:3.1.3.2-1
C Arbitrary Code Injection	<4:3.1.3.1-1
H Improper Input Validation	<4:3.1.3.1-1
M Cross-site Scripting (XSS)	<4:3.1.3.1-1
M Directory Traversal	<4:3.1.3.1-1
M Cross-site Request Forgery (CSRF)	<4:2.11.8.1-5
L Cross-site Scripting (XSS)	<4:2.11.8.1-4
M Cross-site Scripting (XSS)	<4:2.11.8.1-3
H Improper Input Validation	<4:2.11.8.1-2
M Link Following	<4:2.11.8~rc1-1
L Cross-site Scripting (XSS)	<4:2.11.8~rc1-1
L Cross-site Request Forgery (CSRF)	<4:2.11.7.1-1
L Cross-site Scripting (XSS)	<4:2.11.7~rc2-1
L Information Exposure	<4:2.11.5.2-1
M Information Exposure	<2.11.5.1
M Cross-site Request Forgery (CSRF)	<4:2.11.5-1
L Cross-site Scripting (XSS)	<4:2.11.2.2-1
L Cross-site Scripting (XSS)	<4:2.11.2.1-1
M SQL Injection	<4:2.11.2.1-1
M Cross-site Scripting (XSS)	<4:2.11.1.2-1
M Cross-site Scripting (XSS)	<4:2.11.1.2-1
M CVE-2007-4306	*
M CVE-2007-2245	<4:2.10.1-1
M CVE-2007-2016	<4:2.6.2-3
M CVE-2007-1395	<4:2.10.0.2-1
M CVE-2007-1325	<4:2.10.0.2-1
M Improper Input Validation	<4:2.9.1.1-2
M Cross-site Scripting (XSS)	<4:2.9.1.1-2
H CVE-2006-6944	<4:2.9.1.1-2
M CVE-2007-0341	<4:2.9.1.1-2
C CVE-2007-0203	<4:2.9.1.1-2
M CVE-2007-0204	<4:2.9.1.1-2
M CVE-2007-0095	<4:2.9.1.1-1
M CVE-2006-6373	<4:2.9.1.1-1
M CVE-2006-5718	<4:2.9.0.3-1
M CVE-2006-5117	<4:2.9.0.2-0.1
M CVE-2006-5116	<4:2.9.0.2-0.1
M CVE-2006-3388	<4:2.8.2-0.1
M CVE-2006-2418	<4:2.8.1-1
M Cross-site Scripting (XSS)	<4:2.8.1-1
L CVE-2006-2031	<4:2.8.1-1
M CVE-2006-1803	<4:2.8.1-1
H CVE-2006-1804	<4:2.8.1-1
M CVE-2006-1678	<4:2.8.0.3-1
M CVE-2006-1258	<4:2.8.0.2-2
M SQL Injection	<4:3.2.0-1
M CVE-2005-3665	<4:2.6.4-pl4-2
M CVE-2005-3787	<4:2.6.4-pl4-1
M CVE-2005-3621	<4:2.6.4-pl4-1
M CVE-2005-3622	*
M CVE-2005-3301	<4:2.6.4-pl3-1
M CVE-2005-3300	<4:2.6.4-pl3-1
M CVE-2005-3299	<4:2.6.4-pl2-1
M CVE-2005-2869	<4:2.6.4-pl1-1
M CVE-2005-0653	<3:2.6.1-pl3-1
M CVE-2005-0992	<3:2.6.2-rc1-1
M CVE-2005-0544	<3:2.6.1-pl2-1
M CVE-2005-0459	<4:2.6.2
H CVE-2005-0567	<3:2.6.1-pl2-1
M CVE-2004-1055	<2:2.6.0-pl3-1
M Cross-site Scripting (XSS)	<3:2.6.1-pl2-1
M CVE-2004-1148	<2:2.6.1-rc1-1
C CVE-2004-1147	<2:2.6.1-rc1-1
H CVE-2004-2632	<1:2.5.7-pl1-1
H CVE-2004-2630	<2:2.6.0-pl2-1
H CVE-2004-2631	<1:2.5.7-pl1-1
M CVE-2004-0129	<2:2.6.0-pl2