Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@3.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@3.0.0
Tags Ghost
Next non-vulnerable version 4.9.11
Latest non-vulnerable version 5.2.2
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-9xb8-kz1v-43bt
Aliases:
CVE-2011-2506
GHSA-p6h7-29r2-g88f
Improper Control of Generation of Code ('Code Injection') setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
3.3.10+2
Affected by 0 other vulnerabilities.
3.4.3+1
Affected by 0 other vulnerabilities.
VCID-kbep-m12y-63c8
Aliases:
CVE-2009-3696
GHSA-5pvv-f8h3-gw96
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.
3.2.2+1
Affected by 0 other vulnerabilities.
VCID-qrm9-716c-2ybp
Aliases:
CVE-2011-2505
GHSA-vqcm-r62w-w437
Improper Control of Generation of Code ('Code Injection') libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
3.3.10+2
Affected by 0 other vulnerabilities.
3.4.3+1
Affected by 0 other vulnerabilities.
VCID-zajy-wfa6-dbbt
Aliases:
CVE-2010-2958
GHSA-frv8-xjcp-hrm2
Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code.
3.3.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:52.630203+00:00 GHSA Importer Affected by VCID-zajy-wfa6-dbbt https://github.com/advisories/GHSA-frv8-xjcp-hrm2 38.1.0
2026-04-04T14:30:49.200709+00:00 GHSA Importer Affected by VCID-qrm9-716c-2ybp https://github.com/advisories/GHSA-vqcm-r62w-w437 38.1.0
2026-04-04T14:30:49.154639+00:00 GHSA Importer Affected by VCID-9xb8-kz1v-43bt https://github.com/advisories/GHSA-p6h7-29r2-g88f 38.1.0
2026-04-03T21:26:04.186490+00:00 GitLab Importer Affected by VCID-zajy-wfa6-dbbt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2010-2958.yml 38.1.0
2026-04-01T16:00:40.274262+00:00 GHSA Importer Affected by VCID-kbep-m12y-63c8 https://github.com/advisories/GHSA-5pvv-f8h3-gw96 38.0.0
2026-04-01T12:50:38.923774+00:00 GitLab Importer Affected by VCID-9xb8-kz1v-43bt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2506.yml 38.0.0
2026-04-01T12:50:37.944862+00:00 GitLab Importer Affected by VCID-qrm9-716c-2ybp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2505.yml 38.0.0
2026-04-01T12:50:00.348546+00:00 GitLab Importer Affected by VCID-kbep-m12y-63c8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2009-3696.yml 38.0.0