VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@3.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1dhd-3ayw-6kg3 Aliases: CVE-2013-4997 GHSA-5gh4-v2ch-pcx4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.	3.5.8+2 Affected by 0 other vulnerabilities.
VCID-2n2q-cm1n-cqdr Aliases: CVE-2013-3239 GHSA-gg36-9346-9qx9	Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks.	3.5.8+1 Affected by 0 other vulnerabilities.
VCID-46c2-r8g1-13ez Aliases: CVE-2012-4345 GHSA-r3pq-mp8v-cp33	phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.	3.5.2+2 Affected by 0 other vulnerabilities.
VCID-5288-gx4v-7bh4 Aliases: CVE-2012-5368 GHSA-xpxp-v33m-5jp9	phpMyAdmin Unsafe Fetching of Javascript Code phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.	3.5.3 Affected by 0 other vulnerabilities.
VCID-dby9-xw23-huf5 Aliases: CVE-2012-4579 GHSA-q7v2-w38r-pv7v	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.	3.5.2+2 Affected by 0 other vulnerabilities.
VCID-kke6-fqmn-pug2 Aliases: CVE-2012-5339 GHSA-rfpg-2fp8-2fph	phpMyAdmin multiple cross-site scripting vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.	3.5.3 Affected by 0 other vulnerabilities.
VCID-q2be-73wp-tbav Aliases: CVE-2013-5002 GHSA-p632-5w74-x8xx	Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks.	3.5.8+2 Affected by 0 other vulnerabilities. 4.0.4.2 Affected by 18 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.4+2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1dhd-3ayw-6kg3
Aliases:
CVE-2013-4997
GHSA-5gh4-v2ch-pcx4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

3.5.8+2
Affected by 0 other vulnerabilities.

VCID-2n2q-cm1n-cqdr
Aliases:
CVE-2013-3239
GHSA-gg36-9346-9qx9

Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks.

3.5.8+1
Affected by 0 other vulnerabilities.

VCID-46c2-r8g1-13ez
Aliases:
CVE-2012-4345
GHSA-r3pq-mp8v-cp33

phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

3.5.2+2
Affected by 0 other vulnerabilities.

VCID-5288-gx4v-7bh4
Aliases:
CVE-2012-5368
GHSA-xpxp-v33m-5jp9

phpMyAdmin Unsafe Fetching of Javascript Code phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.

3.5.3
Affected by 0 other vulnerabilities.

VCID-dby9-xw23-huf5
Aliases:
CVE-2012-4579
GHSA-q7v2-w38r-pv7v

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.

3.5.2+2
Affected by 0 other vulnerabilities.

VCID-kke6-fqmn-pug2
Aliases:
CVE-2012-5339
GHSA-rfpg-2fp8-2fph

phpMyAdmin multiple cross-site scripting vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

3.5.3
Affected by 0 other vulnerabilities.

VCID-q2be-73wp-tbav
Aliases:
CVE-2013-5002
GHSA-p632-5w74-x8xx

Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks.

3.5.8+2
Affected by 0 other vulnerabilities.

4.0.4.2
Affected by 18 other vulnerabilities.

4.0.4+2
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:50.761363+00:00	GHSA Importer	Affected by	VCID-dby9-xw23-huf5	https://github.com/advisories/GHSA-q7v2-w38r-pv7v	38.1.0
2026-04-04T14:31:49.209942+00:00	GHSA Importer	Affected by	VCID-5288-gx4v-7bh4	https://github.com/advisories/GHSA-xpxp-v33m-5jp9	38.1.0
2026-04-04T14:31:49.179618+00:00	GHSA Importer	Affected by	VCID-kke6-fqmn-pug2	https://github.com/advisories/GHSA-rfpg-2fp8-2fph	38.1.0
2026-04-04T14:31:48.838535+00:00	GHSA Importer	Affected by	VCID-46c2-r8g1-13ez	https://github.com/advisories/GHSA-r3pq-mp8v-cp33	38.1.0
2026-04-04T14:31:47.469347+00:00	GHSA Importer	Affected by	VCID-1dhd-3ayw-6kg3	https://github.com/advisories/GHSA-5gh4-v2ch-pcx4	38.1.0
2026-04-04T14:31:46.124957+00:00	GHSA Importer	Affected by	VCID-2n2q-cm1n-cqdr	https://github.com/advisories/GHSA-gg36-9346-9qx9	38.1.0
2026-04-04T14:31:26.933542+00:00	GHSA Importer	Affected by	VCID-q2be-73wp-tbav	https://github.com/advisories/GHSA-p632-5w74-x8xx	38.1.0
2026-04-03T21:26:03.784045+00:00	GitLab Importer	Affected by	VCID-46c2-r8g1-13ez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2012-4345.yml	38.1.0
2026-04-03T21:25:57.622708+00:00	GitLab Importer	Affected by	VCID-5288-gx4v-7bh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2012-5368.yml	38.1.0
2026-04-03T21:25:45.885328+00:00	GitLab Importer	Affected by	VCID-q2be-73wp-tbav	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2013-5002.yml	38.1.0
2026-04-03T21:25:44.560723+00:00	GitLab Importer	Affected by	VCID-2n2q-cm1n-cqdr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2013-3239.yml	38.1.0
2026-04-03T21:25:43.449932+00:00	GitLab Importer	Affected by	VCID-kke6-fqmn-pug2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2012-5339.yml	38.1.0
2026-04-01T12:50:44.976888+00:00	GitLab Importer	Affected by	VCID-dby9-xw23-huf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2012-4579.yml	38.0.0
2026-04-01T12:50:44.707856+00:00	GitLab Importer	Affected by	VCID-1dhd-3ayw-6kg3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2013-4997.yml	38.0.0