Phpmyadmin/phpmyadmin

This hub aggregates every CVE we track for Phpmyadmin/phpmyadmin, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Phpmyadmin/phpmyadmin.

• CVE-2025-24530An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.6.4Jan 23, 2025
• CVE-2023-25727In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.5.4Feb 13, 2023
• CVE-2020-22452SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.9.8Jan 26, 2023
• CVE-2022-0813PhpMyAdmin exposure of sensitive information5.3Mar 9, 2022
• CVE-2022-23808An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.6.1Jan 22, 2022
• CVE-2022-23807An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication...4.3Jan 22, 2022
• CVE-2020-26934phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.6.1Oct 10, 2020
• CVE-2020-26935An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search fe...9.8Oct 10, 2020
• CVE-2020-10802In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search a...8.0Mar 22, 2020
• CVE-2020-10803In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying resul...5.4Mar 22, 2020
• CVE-2020-10804In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/U...8.0Mar 22, 2020
• CVE-2020-5504In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to thi...8.8Jan 9, 2020
• CVE-2019-19617phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.9.8Dec 6, 2019
• CVE-2019-18622An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.9.8Nov 22, 2019
• CVE-2019-12922A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.6.5Sep 13, 2019