VulnerableCode Package Details - pkg:apk/alpine/phpmyadmin@5.0.2-r0?arch=x86_64&distroversion=v3.12&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ngtc-xtjn-xbhp	phpMyAdmin SQL injection vulnerability In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.	CVE-2020-10802 GHSA-f4cr-3xmc-2wpm
VCID-tks3-6uv4-kygf	phpMyAdmin SQL Injection In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).	CVE-2020-10804 GHSA-h65r-8fp8-w7cx
VCID-znfm-ak2t-mqdd	phpMyAdmin SQL injection vulnerability In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.	CVE-2020-10803 GHSA-fcww-8wvc-38q9

Vulnerability

Summary

Aliases

VCID-ngtc-xtjn-xbhp

phpMyAdmin SQL injection vulnerability In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

CVE-2020-10802
GHSA-f4cr-3xmc-2wpm

VCID-tks3-6uv4-kygf

phpMyAdmin SQL Injection In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).

CVE-2020-10804
GHSA-h65r-8fp8-w7cx

VCID-znfm-ak2t-mqdd

phpMyAdmin SQL injection vulnerability In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

CVE-2020-10803
GHSA-fcww-8wvc-38q9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T04:52:28.554754+00:00	Alpine Linux Importer	Fixing	VCID-ngtc-xtjn-xbhp	https://secdb.alpinelinux.org/v3.12/community.json	38.1.0
2026-04-03T17:42:45.264045+00:00	Alpine Linux Importer	Fixing	VCID-tks3-6uv4-kygf	https://secdb.alpinelinux.org/v3.12/community.json	38.1.0
2026-04-01T19:14:23.635065+00:00	Alpine Linux Importer	Fixing	VCID-znfm-ak2t-mqdd	https://secdb.alpinelinux.org/v3.12/community.json	38.0.0