Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@3.3.0
purl pkg:composer/phpmyadmin/phpmyadmin@3.3.0
Tags Ghost
Next non-vulnerable version 4.9.11
Latest non-vulnerable version 5.2.2
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-ejnb-3ya3-uqa6
Aliases:
CVE-2011-1940
GHSA-4q58-5x28-53wv
phpMyAdmin Vulnerable to Cross-Site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
3.3.10+1
Affected by 0 other vulnerabilities.
3.4.1
Affected by 0 other vulnerabilities.
VCID-gs9p-kgrd-vqd4
Aliases:
CVE-2011-0986
GHSA-wcmm-28rg-mg3r
Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code.
3.3.9+1
Affected by 0 other vulnerabilities.
VCID-jypm-yg7x-p3cn
Aliases:
CVE-2011-4107
GHSA-q4mm-89q2-xffg
Improper Restriction of XML External Entity Reference The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
3.3.10+5
Affected by 0 other vulnerabilities.
3.4.7+1
Affected by 0 other vulnerabilities.
VCID-z6t5-jasy-vbfs
Aliases:
CVE-2011-2508
GHSA-q6vw-39cg-wjjf
phpMyAdmin Directory Traversal vulnerability Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
3.3.10+2
Affected by 0 other vulnerabilities.
3.4.3+1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:49.930382+00:00 GHSA Importer Affected by VCID-ejnb-3ya3-uqa6 https://github.com/advisories/GHSA-4q58-5x28-53wv 38.1.0
2026-04-04T14:31:16.673257+00:00 GHSA Importer Affected by VCID-gs9p-kgrd-vqd4 https://github.com/advisories/GHSA-wcmm-28rg-mg3r 38.1.0
2026-04-04T14:31:15.350562+00:00 GHSA Importer Affected by VCID-jypm-yg7x-p3cn https://github.com/advisories/GHSA-q4mm-89q2-xffg 38.1.0
2026-04-04T14:30:49.246727+00:00 GHSA Importer Affected by VCID-z6t5-jasy-vbfs https://github.com/advisories/GHSA-q6vw-39cg-wjjf 38.1.0
2026-04-03T21:25:55.056111+00:00 GitLab Importer Affected by VCID-gs9p-kgrd-vqd4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-0986.yml 38.1.0
2026-04-01T12:50:43.993243+00:00 GitLab Importer Affected by VCID-jypm-yg7x-p3cn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-4107.yml 38.0.0
2026-04-01T12:50:43.785280+00:00 GitLab Importer Affected by VCID-ejnb-3ya3-uqa6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-1940.yml 38.0.0
2026-04-01T12:50:36.813770+00:00 GitLab Importer Affected by VCID-z6t5-jasy-vbfs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2508.yml 38.0.0