Phpmyadmin CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (272 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-1803	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
CVE-2006-1804	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
CVE-2006-2417	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.
CVE-2006-2418	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
CVE-2006-3388	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
CVE-2005-2869	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2005-3299	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
CVE-2004-2631	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
CVE-2005-3301	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
CVE-2001-0478	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
CVE-2005-3622	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
CVE-2004-2632	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
CVE-2005-3665	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
CVE-2004-0129	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
CVE-2005-3787	1 Phpmyadmin	1 Phpmyadmin	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
CVE-2025-24530	1 Phpmyadmin	1 Phpmyadmin	2026-04-15	6.4 Medium
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.
CVE-2025-24529	1 Phpmyadmin	1 Phpmyadmin	2026-04-15	6.4 Medium
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.
CVE-2023-25727	1 Phpmyadmin	1 Phpmyadmin	2025-11-03	5.4 Medium
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
CVE-2009-1151	2 Debian, Phpmyadmin	2 Debian Linux, Phpmyadmin	2025-10-22	9.8 Critical
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVE-2022-23808	1 Phpmyadmin	1 Phpmyadmin	2025-05-05	6.1 Medium
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

« first previous Page 2 of 14. next last »