Phpmyadmin CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (272 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2007-0341	1 Phpmyadmin	1 Phpmyadmin	2026-04-23	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
CVE-2009-1150	1 Phpmyadmin	1 Phpmyadmin	2026-04-23	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
CVE-2008-7252	1 Phpmyadmin	1 Phpmyadmin	2026-04-23	N/A
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
CVE-2009-1151	2 Debian, Phpmyadmin	2 Debian Linux, Phpmyadmin	2026-04-22	9.8 Critical
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVE-2004-2632	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
CVE-2004-2631	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
CVE-2005-2869	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2006-1803	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
CVE-2006-2418	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
CVE-2006-3388	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
CVE-2006-2417	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.
CVE-2005-1392	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
CVE-2006-1678	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
CVE-2006-1258	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2005-3621	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
CVE-2005-3622	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
CVE-2005-4079	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables.
CVE-2006-1804	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
CVE-2005-0543	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
CVE-2004-1055	2 Gentoo, Phpmyadmin	2 Linux, Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

« first previous Page 3 of 14. next last »