phpmyadmin vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u9
H SQL Injection	<4:4.2.12-2+deb8u9
H SQL Injection	<4:4.2.12-2+deb8u8
C CVE-2019-19617	<4:4.2.12-2+deb8u7
M Cross-site Request Forgery (CSRF)	*
M Cross-site Request Forgery (CSRF)	<4:4.2.12-2+deb8u6
M CVE-2019-6799	<4:4.2.12-2+deb8u5
M Information Exposure	<4:4.2.12-2+deb8u4
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u4
H Cross-site Request Forgery (CSRF)	*
C Improper Input Validation	*
C CVE-2017-18264	<4:4.2.12-2+deb8u3
H Improper Input Validation	*
M Open Redirect	*
M Cross-site Scripting (XSS)	*
H Improper Input Validation	*
H Server-Side Request Forgery (SSRF)	*
H Improper Input Validation	*
H Server-Side Request Forgery (SSRF)	<4:4.2.12-2+deb8u3
M Improper Input Validation	*
C Security Features	<4:4.2.12-2+deb8u3
C Cross-site Request Forgery (CSRF)	*
H Security Features	<4:4.2.12-2+deb8u6
H SQL Injection	<4:4.2.12-2+deb8u6
M Improper Input Validation	<4:4.2.12-2+deb8u6
M CVE-2016-6618	<4:4.2.12-2+deb8u3
M Security Features	<4:4.2.12-2+deb8u6
M Information Exposure	<4:4.2.12-2+deb8u6
M Directory Traversal	<4:4.2.12-2+deb8u3
H SQL Injection	<4:4.2.12-2+deb8u6
H SQL Injection	<4:4.2.12-2+deb8u3
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u3
M Information Exposure	*
M Information Exposure	*
C Security Features	*
M Information Exposure	*
M Security Features	<4:4.2.12-2+deb8u6
H Arbitrary Command Injection	<4:4.2.12-2+deb8u3
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u6
H OS Command Injection	<4:4.2.12-2+deb8u6
M Security Features	<4:4.1.7-1
M Information Exposure	*
M Information Exposure	<4:4.2.12-2+deb8u6
H Cryptographic Issues	<4:4.2.12-2+deb8u6
M Security Features	<4:4.2.12-2+deb8u6
M Security Features	<4:4.2.12-2+deb8u6
M Information Exposure	*
M Cross-site Scripting (XSS)	*
M Improper Input Validation	*
M Information Exposure	*
M Improper Input Validation	*
C Deserialization of Untrusted Data	<4:4.2.12-2+deb8u3
M Resource Management Errors	<4:4.2.12-2+deb8u6
M Information Exposure	<4:4.2.12-2+deb8u6
M Improper Input Validation	*
M Cross-site Scripting (XSS)	*
M Resource Management Errors	<4:4.2.12-2+deb8u3
H SQL Injection	<4:4.2.12-2+deb8u3
M Information Exposure	*
H CVE-2016-6633	*
C Access Restriction Bypass	<4:4.2.12-2+deb8u6
M Cryptographic Issues	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Information Exposure	*
H Information Exposure	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
H Resource Management Errors	<4:4.2.12-2+deb8u2
M Information Exposure	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
L Security Features	*
M Arbitrary Code Injection	<4:4.2.12-2+deb8u2
C Arbitrary Code Injection	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
H Credentials Management	<4:4.2.12-2+deb8u2
M Cross-site Scripting (XSS)	*
H Security Features	<4:4.2.12-2+deb8u2
M Information Exposure	*
M Information Exposure	<4:4.2.12-2+deb8u2
M Information Exposure	*
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u2
M Information Exposure	*
M Security Features	<4:4.2.12-2+deb8u1
M Information Exposure	<4:4.2.12-2+deb8u1
M Cross-site Request Forgery (CSRF)	<4:4.2.12-2+deb8u1
M Cryptographic Issues	<4:4.2.12-2+deb8u1
M Information Exposure	<4:4.2.12-2+deb8u1
L Cross-site Scripting (XSS)	<4:3.4.5-1
L Cross-site Scripting (XSS)	<4:3.4.5-1
M Resource Management Errors	<4:4.2.12-2+deb8u1
M Cross-site Scripting (XSS)	<4:4.2.12-2
M Directory Traversal	<4:4.2.12-1
M Directory Traversal	<4:4.2.12-1
L Cross-site Scripting (XSS)	<4:4.2.12-1
M Cross-site Scripting (XSS)	<4:4.2.12-2+deb8u1
M Cross-site Scripting (XSS)	<4:4.2.8.1-1
L Cross-site Scripting (XSS)	<4:4.2.10.1-1
L Cross-site Scripting (XSS)	<4:4.2.9.1-1
L Cross-site Scripting (XSS)	<4:4.2.7.1-1
L Cross-site Scripting (XSS)	<4:4.2.7.1-1
L Cross-site Scripting (XSS)	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.6-1
M Access Restriction Bypass	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.6-1
L Cross-site Scripting (XSS)	<4:4.2.5-1
L Cross-site Scripting (XSS)	<4:4.2.5-1
L Cross-site Scripting (XSS)	<4:4.1.7-1
M Improper Input Validation	<4:4.0.5-1
M Cross-site Scripting (XSS)	<4:4.0.4.2-1
M Information Exposure	<4:4.0.4.2-1
M Information Exposure	<4:4.0.4.2-1
M SQL Injection	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.4.2-1
M Cross-site Scripting (XSS)	<4:4.0.4.2-1
M Information Exposure	<4:4.0.4.2-1
L Cross-site Scripting (XSS)	<4:4.0.1-3
M Access Restriction Bypass	<4:4.0.4.1-1
M Arbitrary Code Injection	<4:3.4.11.1-2
L Cross-site Scripting (XSS)	<4:3.4.11.1-1
L Cross-site Scripting (XSS)	<4:3.4.11.1-1
M Information Exposure	<4:4.0.1-1
M Cross-site Scripting (XSS)	<4:3.4.10.1-1
M Information Exposure	<4:3.4.10.2-1
M Improper Input Validation	<4:3.4.1-1
M Cross-site Scripting (XSS)	<4:3.4.1-1
M Cross-site Scripting (XSS)	<4:3.4.9-1
M Cross-site Scripting (XSS)	<4:3.4.9-1
M Cross-site Scripting (XSS)	<4:3.4.8-1
M Information Exposure	<4:3.4.7.1-1
M Improper Input Validation	<4:3.4.6-1
M Cross-site Scripting (XSS)	<4:3.4.6-1
M Cross-site Scripting (XSS)	<4:3.4.4-1
M Improper Input Validation	<4:3.4.3.2-1
L Cross-site Scripting (XSS)	<4:3.4.3.2-1
M Directory Traversal	<4:3.4.3.2-1
M Directory Traversal	<4:3.4.3.2-1
M Directory Traversal	<4:3.4.3.1-1
M Arbitrary Code Injection	<4:3.4.3.1-1
H Arbitrary Code Injection	<4:3.4.3.1-1
M Arbitrary Code Injection	<4:3.4.3.1-1
M Improper Input Validation	<4:3.3.9.2-1
M Improper Input Validation	<4:3.3.9.2-1
M Improper Authentication	<4:3.3.7-3
M Cross-site Scripting (XSS)	<4:3.3.7-3
M Cross-site Scripting (XSS)	<4:3.3.7-2
M Cross-site Scripting (XSS)	<4:3.3.7-1
M Cross-site Scripting (XSS)	<4:3.3.6-1
M Cross-site Scripting (XSS)	<4:3.3.5.1-1
H Access Restriction Bypass	<4:3.0.0
M CVE-2009-4605	<4:3.2.4-1
C Access Restriction Bypass	<4:3.0.0-1
C Cryptographic Issues	<4:3.0.0-1
H SQL Injection	<4:3.2.2.1-1
M Cross-site Scripting (XSS)	<4:3.2.2.1-1
M Cross-site Scripting (XSS)	<4:3.2.0.1-1
H Arbitrary Code Injection	<4:3.1.3.2-1
M Directory Traversal	<4:3.1.3.1-1
C Arbitrary Code Injection	<4:3.1.3.1-1
H Improper Input Validation	<4:3.1.3.1-1
M Cross-site Scripting (XSS)	<4:3.1.3.1-1
M Cross-site Request Forgery (CSRF)	<4:2.11.8.1-5
L Cross-site Scripting (XSS)	<4:2.11.8.1-4
M Cross-site Scripting (XSS)	<4:2.11.8.1-3
H Improper Input Validation	<4:2.11.8.1-2
M Link Following	<4:2.11.8~rc1-1
L Cross-site Scripting (XSS)	<4:2.11.8~rc1-1
L Cross-site Request Forgery (CSRF)	<4:2.11.7.1-1
L Cross-site Scripting (XSS)	<4:2.11.7~rc2-1
L Information Exposure	<4:2.11.5.2-1
M Information Exposure	<2.11.5.1
M Cross-site Request Forgery (CSRF)	<4:2.11.5-1
L Cross-site Scripting (XSS)	<4:2.11.2.2-1
M SQL Injection	<4:2.11.2.1-1
L Cross-site Scripting (XSS)	<4:2.11.2.1-1
M Cross-site Scripting (XSS)	<4:2.11.1.2-1
M Cross-site Scripting (XSS)	<4:2.11.1.2-1
M CVE-2007-4306	*
M CVE-2007-2245	<4:2.10.1-1
M CVE-2007-2016	<4:2.6.2-3
M CVE-2007-1395	<4:2.10.0.2-1
M CVE-2007-1325	<4:2.10.0.2-1
M Cross-site Scripting (XSS)	<4:2.9.1.1-2
M Improper Input Validation	<4:2.9.1.1-2
H CVE-2006-6944	<4:2.9.1.1-2
M CVE-2007-0341	<4:2.9.1.1-2
M CVE-2007-0204	<4:2.9.1.1-2
C CVE-2007-0203	<4:2.9.1.1-2
M CVE-2007-0095	<4:2.9.1.1-1
M CVE-2006-6373	<4:2.9.1.1-1
M CVE-2006-5718	<4:2.9.0.3-1
M CVE-2006-5117	<4:2.9.0.2-0.1
M CVE-2006-5116	<4:2.9.0.2-0.1
M CVE-2006-3388	<4:2.8.2-0.1
M CVE-2006-2418	<4:2.8.1-1
M Cross-site Scripting (XSS)	<4:2.8.1-1
L CVE-2006-2031	<4:2.8.1-1
H CVE-2006-1804	<4:2.8.1-1
M CVE-2006-1803	<4:2.8.1-1
M CVE-2006-1678	<4:2.8.0.3-1
M CVE-2006-1258	<4:2.8.0.2-2
M SQL Injection	<4:3.2.0-1
M CVE-2005-3665	<4:2.6.4-pl4-2
M CVE-2005-3787	<4:2.6.4-pl4-1
M CVE-2005-3621	<4:2.6.4-pl4-1
M CVE-2005-3622	*
M CVE-2005-3301	<4:2.6.4-pl3-1
M CVE-2005-3299	<4:2.6.4-pl2-1
M CVE-2005-3300	<4:2.6.4-pl3-1
M CVE-2005-2869	<4:2.6.4-pl1-1
M CVE-2005-0544	<3:2.6.1-pl2-1
H CVE-2005-0567	<3:2.6.1-pl2-1
M CVE-2005-0653	<3:2.6.1-pl3-1
M CVE-2005-0992	<3:2.6.2-rc1-1
M CVE-2005-0459	<4:2.6.2
M CVE-2004-1055	<2:2.6.0-pl3-1
M Cross-site Scripting (XSS)	<3:2.6.1-pl2-1
C CVE-2004-1147	<2:2.6.1-rc1-1
M CVE-2004-1148	<2:2.6.1-rc1-1
H CVE-2004-2632	<1:2.5.7-pl1-1
H CVE-2004-2631	<1:2.5.7-pl1-1
H CVE-2004-2630	<2:2.6.0-pl2-1
M CVE-2004-0129	<2:2.6.0-pl2