CVE Tools

phpmyadmin

Databasesoss-project

235

Cumulative CVEs

63

Monthly snapshots

#1

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting phpmyadmin.

CVE-2025-24530An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.6.4Jan 23, 2025
CVE-2025-24529An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.6.4Jan 23, 2025
CVE-2023-25727In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.5.4Feb 13, 2023
CVE-2020-22452SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.9.8Jan 26, 2023
CVE-2022-0813PhpMyAdmin exposure of sensitive information5.3Mar 9, 2022
CVE-2022-23808An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.6.1Jan 22, 2022
CVE-2022-23807An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication...4.3Jan 22, 2022
CVE-2020-22278phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.8.8Nov 4, 2020
CVE-2020-26934phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.6.1Oct 10, 2020
CVE-2020-26935An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search fe...9.8Oct 10, 2020
CVE-2020-11441phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't s...6.1Mar 31, 2020
CVE-2020-10802In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search a...8.0Mar 22, 2020
CVE-2020-10803In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying resul...5.4Mar 22, 2020
CVE-2020-10804In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/U...8.0Mar 22, 2020
CVE-2020-5504In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to thi...8.8Jan 9, 2020