Homepage

phpmyadmin vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the phpmyadmin package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
Information Exposure

*
  • L
Improper Authentication

*
  • L
Cross-site Scripting (XSS)

*
  • L
Resource Exhaustion

*
  • C
SQL Injection

<4:4.6.6-4+deb9u2
  • M
Cross-site Scripting (XSS)

<4:4.6.6-4+deb9u2
  • L
Arbitrary Code Injection

*
  • M
Cross-site Scripting (XSS)

<4:4.6.6-4+deb9u1
  • H
SQL Injection

<4:4.6.6-4+deb9u1
  • H
SQL Injection

<4:4.6.6-4+deb9u1
  • H
SQL Injection

<4:4.6.6-4+deb9u1
  • C
CVE-2019-19617

<4:4.6.6-4+deb9u2
  • L
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Request Forgery (CSRF)

<4:4.6.6-4+deb9u1
  • C
SQL Injection

<4:4.6.6-4+deb9u1
  • M
CVE-2019-6799

<4:4.6.6-4+deb9u1
  • C
SQL Injection

<4:4.6.6-4+deb9u1
  • M
Cross-site Scripting (XSS)

<4:4.6.6-4+deb9u1
  • M
Information Exposure

<4:4.6.6-4+deb9u1
  • L
Cross-site Request Forgery (CSRF)

*
  • L
Improper Input Validation

<4:4.6.6-1
  • C
CVE-2017-18264

<4:4.6.6-2
  • M
Cross-site Scripting (XSS)

<4:4.6.6-4+deb9u1
  • L
Improper Input Validation

<4:4.6.6-1
  • L
Server-Side Request Forgery (SSRF)

<4:4.6.6-1
  • L
Cross-site Scripting (XSS)

<4:4.6.6-1
  • L
Open Redirect

<4:4.6.6-1
  • L
Improper Input Validation

<4:4.6.6-1
  • L
Improper Input Validation

<4:4.6.6-1
  • H
Server-Side Request Forgery (SSRF)

<4:4.6.6-1
  • L
Cross-site Request Forgery (CSRF)

<4:4.6.5.1-1
  • H
SQL Injection

<4:4.6.5.1-1
  • C
Security Features

<4:4.6.5.1-1
  • H
Arbitrary Code Injection

<4:4.6.5.1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • L
Security Features

<4:4.6.5.1-1
  • M
CVE-2016-6618

<4:4.6.4+dfsg1-1
  • M
Security Features

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.4+dfsg1-1
  • H
Arbitrary Command Injection

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • M
Information Exposure

<4:4.6.4+dfsg1-1
  • L
Cross-site Scripting (XSS)

<4:4.6.5.1-1
  • M
Cross-site Scripting (XSS)

<4:4.6.4+dfsg1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • M
Resource Management Errors

<4:4.6.4+dfsg1-1
  • H
Cryptographic Issues

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • M
Improper Input Validation

<4:4.6.4+dfsg1-1
  • L
Security Features

<4:4.6.5.1-1
  • L
Information Exposure

<4:4.6.5.1-1
  • M
Directory Traversal

<4:4.6.4+dfsg1-1
  • H
OS Command Injection

<4:4.6.4+dfsg1-1
  • L
Improper Input Validation

<4:4.6.5.1-1
  • L
Cryptographic Issues

<4:4.6.5.1-1
  • M
Security Features

<4:4.6.4+dfsg1-1
  • M
Information Exposure

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.4+dfsg1-1
  • H
SQL Injection

<4:4.6.4+dfsg1-1
  • L
CVE-2016-6633

<4:4.6.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4:4.6.4+dfsg1-1
  • M
Improper Input Validation

<4:4.6.4+dfsg1-1
  • L
Cross-site Scripting (XSS)

<4:4.6.5.1-1
  • M
Security Features

<4:4.1.7-1
  • L
Security Features

<4:4.6.5.1-1
  • C
Access Restriction Bypass

<4:4.6.5.1-1
  • M
Resource Management Errors

<4:4.6.4+dfsg1-1
  • C
Deserialization of Untrusted Data

<4:4.6.4+dfsg1-1
  • M
Information Exposure

<4:4.6.4+dfsg1-1
  • M
Cross-site Scripting (XSS)

<4:4.6.4+dfsg1-1
  • C
Security Features

<4:4.6.4+dfsg1-1
  • M
Security Features

<4:4.6.4+dfsg1-1
  • L
Information Exposure

<4:4.6.2-1
  • L
Cross-site Scripting (XSS)

<4:4.6.2-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • L
Resource Management Errors

<4:4.6.3-1
  • M
Arbitrary Code Injection

<4:4.6.3-1
  • C
Arbitrary Code Injection

<4:4.6.3-1
  • H
Information Exposure

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • C
SQL Injection

<4:4.6.3-1
  • M
Cross-site Scripting (XSS)

<4:4.6.3-1
  • L
Security Features

<4:4.6.3-1
  • L
Information Exposure

<4:4.6.3-1
  • L
Cross-site Scripting (XSS)

<4:4.6.3-1
  • L
Cross-site Scripting (XSS)

<4:4.5.5.1-1
  • L
Cross-site Scripting (XSS)

<4:4.5.5.1-1
  • M
Cross-site Scripting (XSS)

<4:4.5.5.1-1
  • L
Improper Input Validation

<4:4.5.5.1-1
  • H
Credentials Management

<4:4.5.4-1
  • L
Information Exposure

<4:4.5.4-1
  • L
Cross-site Scripting (XSS)

<4:4.5.4-1
  • M
Information Exposure

<4:4.5.4-1
  • L
Information Exposure

<4:4.5.4-1
  • H
Security Features

<4:4.5.4-1
  • M
Information Exposure

<4:4.5.4-1
  • M
Cross-site Scripting (XSS)

<4:4.5.4-1
  • M
Cross-site Scripting (XSS)

<4:4.5.4-1
  • L
Information Exposure

<4:4.5.3.1-1
  • L
Security Features

<4:4.5.1-1
  • L
Information Exposure

<4:4.4.14.1-1
  • L
Cryptographic Issues

<4:4.4.6.1-1
  • L
Cross-site Request Forgery (CSRF)

<4:4.4.6.1-1
  • L
Information Exposure

<4:4.4.4-1
  • L
Cross-site Scripting (XSS)

<4:3.4.5-1
  • L
Cross-site Scripting (XSS)

<4:3.4.5-1
  • M
Cross-site Scripting (XSS)

<4:4.2.12-2
  • L
Resource Management Errors

<4:4.2.12-2
  • L
Cross-site Scripting (XSS)

<4:4.2.12-1
  • L
Cross-site Scripting (XSS)

<4:4.2.12-1
  • M
Directory Traversal

<4:4.2.12-1
  • M
Directory Traversal

<4:4.2.12-1
  • M
Cross-site Scripting (XSS)

<4:4.2.8.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.10.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.9.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.7.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.7.1-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Access Restriction Bypass

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.6-1
  • L
Cross-site Scripting (XSS)

<4:4.2.5-1
  • L
Cross-site Scripting (XSS)

<4:4.2.5-1
  • L
Cross-site Scripting (XSS)

<4:4.1.7-1
  • M
Improper Input Validation

<4:4.0.5-1
  • M
SQL Injection

<4:4.0.4.2-1
  • L
Information Exposure

<4:4.0.4.2-1
  • L
Information Exposure

<4:4.0.4.2-1
  • L
Information Exposure

<4:4.0.4.2-1
  • M
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • L
Cross-site Scripting (XSS)

<4:4.0.4.2-1
  • M
Access Restriction Bypass

<4:4.0.4.1-1
  • L
Cross-site Scripting (XSS)

<4:4.0.1-3
  • M
Arbitrary Code Injection

<4:3.4.11.1-2
  • L
Cross-site Scripting (XSS)

<4:3.4.11.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.11.1-1
  • L
Information Exposure

<4:4.0.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.10.1-1
  • L
Information Exposure

<4:3.4.10.2-1
  • M
Cross-site Scripting (XSS)

<4:3.4.1-1
  • M
Improper Input Validation

<4:3.4.1-1
  • L
Cross-site Scripting (XSS)

<4:3.4.9-1
  • L
Cross-site Scripting (XSS)

<4:3.4.8-1
  • L
Cross-site Scripting (XSS)

<4:3.4.9-1
  • M
Information Exposure

<4:3.4.7.1-1
  • L
Improper Input Validation

<4:3.4.6-1
  • L
Cross-site Scripting (XSS)

<4:3.4.6-1
  • M
Cross-site Scripting (XSS)

<4:3.4.4-1
  • M
Directory Traversal

<4:3.4.3.2-1
  • M
Directory Traversal

<4:3.4.3.2-1
  • L
Cross-site Scripting (XSS)

<4:3.4.3.2-1
  • L
Improper Input Validation

<4:3.4.3.2-1
  • M
Arbitrary Code Injection

<4:3.4.3.1-1
  • L
Arbitrary Code Injection

<4:3.4.3.1-1
  • L
Arbitrary Code Injection

<4:3.4.3.1-1
  • M
Directory Traversal

<4:3.4.3.1-1
  • L
Improper Input Validation

<4:3.3.9.2-1
  • M
Improper Input Validation

<4:3.3.9.2-1
  • M
Improper Authentication

<4:3.3.7-3
  • M
Cross-site Scripting (XSS)

<4:3.3.7-3
  • M
Cross-site Scripting (XSS)

<4:3.3.7-2
  • L
Cross-site Scripting (XSS)

<4:3.3.7-1
  • M
Cross-site Scripting (XSS)

<4:3.3.6-1
  • M
Cross-site Scripting (XSS)

<4:3.3.5.1-1
  • H
Access Restriction Bypass

<4:3.0.0
  • M
CVE-2009-4605

<4:3.2.4-1
  • C
Access Restriction Bypass

<4:3.0.0-1
  • C
Cryptographic Issues

<4:3.0.0-1
  • M
Cross-site Scripting (XSS)

<4:3.2.2.1-1
  • H
SQL Injection

<4:3.2.2.1-1
  • M
Cross-site Scripting (XSS)

<4:3.2.0.1-1
  • L
Arbitrary Code Injection

<4:3.1.3.2-1
  • M
Directory Traversal

<4:3.1.3.1-1
  • M
Cross-site Scripting (XSS)

<4:3.1.3.1-1
  • H
Improper Input Validation

<4:3.1.3.1-1
  • C
Arbitrary Code Injection

<4:3.1.3.1-1
  • M
Cross-site Request Forgery (CSRF)

<4:2.11.8.1-5
  • L
Cross-site Scripting (XSS)

<4:2.11.8.1-4
  • M
Cross-site Scripting (XSS)

<4:2.11.8.1-3
  • M
Improper Input Validation

<4:2.11.8.1-2
  • L
Cross-site Scripting (XSS)

<4:2.11.8~rc1-1
  • L
Link Following

<4:2.11.8~rc1-1
  • L
Cross-site Request Forgery (CSRF)

<4:2.11.7.1-1
  • L
Cross-site Scripting (XSS)

<4:2.11.7~rc2-1
  • L
Information Exposure

<4:2.11.5.2-1
  • M
Information Exposure

<2.11.5.1
  • L
Cross-site Request Forgery (CSRF)

<4:2.11.5-1
  • L
Cross-site Scripting (XSS)

<4:2.11.2.2-1
  • L
SQL Injection

<4:2.11.2.1-1
  • L
Cross-site Scripting (XSS)

<4:2.11.2.1-1
  • M
Cross-site Scripting (XSS)

<4:2.11.1.2-1
  • M
Cross-site Scripting (XSS)

<4:2.11.1.2-1
  • L
CVE-2007-4306

*
  • L
CVE-2007-2245

<4:2.10.1-1
  • L
CVE-2007-2016

<4:2.6.2-3
  • M
CVE-2007-1395

<4:2.10.0.2-1
  • M
CVE-2007-1325

<4:2.10.0.2-1
  • M
Cross-site Scripting (XSS)

<4:2.9.1.1-2
  • M
CVE-2006-6944

<4:2.9.1.1-2
  • L
Improper Input Validation

<4:2.9.1.1-2
  • M
CVE-2007-0341

<4:2.9.1.1-2
  • L
CVE-2007-0203

<4:2.9.1.1-2
  • L
CVE-2007-0204

<4:2.9.1.1-2
  • L
CVE-2007-0095

<4:2.9.1.1-1
  • L
CVE-2006-6373

<4:2.9.1.1-1
  • L
CVE-2006-5718

<4:2.9.0.3-1
  • L
CVE-2006-5116

<4:2.9.0.2-0.1
  • L
CVE-2006-5117

<4:2.9.0.2-0.1
  • L
CVE-2006-3388

<4:2.8.2-0.1
  • M
Cross-site Scripting (XSS)

<4:2.8.1-1
  • M
CVE-2006-2418

<4:2.8.1-1
  • L
CVE-2006-2031

<4:2.8.1-1
  • L
CVE-2006-1804

<4:2.8.1-1
  • L
CVE-2006-1803

<4:2.8.1-1
  • M
CVE-2006-1678

<4:2.8.0.3-1
  • M
CVE-2006-1258

<4:2.8.0.2-2
  • L
SQL Injection

<4:3.2.0-1
  • M
CVE-2005-3665

<4:2.6.4-pl4-2
  • M
CVE-2005-3787

<4:2.6.4-pl4-1
  • L
CVE-2005-3622

*
  • M
CVE-2005-3621

<4:2.6.4-pl4-1
  • M
CVE-2005-3301

<4:2.6.4-pl3-1
  • H
CVE-2005-3299

<4:2.6.4-pl2-1
  • H
CVE-2005-3300

<4:2.6.4-pl3-1
  • M
CVE-2005-2869

<4:2.6.4-pl1-1
  • M
CVE-2005-0544

<3:2.6.1-pl2-1
  • L
CVE-2005-0459

<4:2.6.2
  • M
CVE-2005-0992

<3:2.6.2-rc1-1
  • M
CVE-2005-0653

<3:2.6.1-pl3-1
  • H
CVE-2005-0567

<3:2.6.1-pl2-1
  • M
CVE-2004-1055

<2:2.6.0-pl3-1
  • M
Cross-site Scripting (XSS)

<3:2.6.1-pl2-1
  • C
CVE-2004-1147

<2:2.6.1-rc1-1
  • M
CVE-2004-1148

<2:2.6.1-rc1-1
  • H
CVE-2004-2630

<2:2.6.0-pl2-1
  • H
CVE-2004-2631

<1:2.5.7-pl1-1
  • H
CVE-2004-2632

<1:2.5.7-pl1-1
  • M
CVE-2004-0129

<2:2.6.0-pl2