VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-7mys-s9mz-h3g1 Aliases: CVE-2014-7217 GHSA-wv8g-fx9j-q2jg	phpMyAdmin cross-site scripting Vulnerability via ENUM value Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to `libraries/TableSearch.class.php` and `libraries/Util.class.php`.	4.1.14+5 Affected by 0 other vulnerabilities. 4.2.9+1 Affected by 0 other vulnerabilities.
VCID-b9b1-624h-uubt Aliases: CVE-2014-8326 GHSA-pvr5-84gr-g985	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.	4.1.14+6 Affected by 0 other vulnerabilities. 4.2.10+1 Affected by 0 other vulnerabilities.
VCID-cy6p-nz8a-zydk Aliases: CVE-2014-6300 GHSA-6wfj-2mw7-p5cg	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.	4.1.14+4 Affected by 0 other vulnerabilities. 4.2.8+1 Affected by 0 other vulnerabilities.
VCID-dq1s-n5vp-q7gd Aliases: CVE-2014-5274 GHSA-q586-xpwr-jc3j	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.	4.1.14+3 Affected by 0 other vulnerabilities. 4.2.7+1 Affected by 0 other vulnerabilities.
VCID-eq3j-14fc-2uev Aliases: CVE-2014-4986 GHSA-jqmr-wqgp-8mh2	Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution.	4.1.14+2 Affected by 0 other vulnerabilities. 4.2.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7mys-s9mz-h3g1
Aliases:
CVE-2014-7217
GHSA-wv8g-fx9j-q2jg

phpMyAdmin cross-site scripting Vulnerability via ENUM value Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to `libraries/TableSearch.class.php` and `libraries/Util.class.php`.

4.1.14+5
Affected by 0 other vulnerabilities.

4.2.9+1
Affected by 0 other vulnerabilities.

VCID-b9b1-624h-uubt
Aliases:
CVE-2014-8326
GHSA-pvr5-84gr-g985

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.

4.1.14+6
Affected by 0 other vulnerabilities.

4.2.10+1
Affected by 0 other vulnerabilities.

VCID-cy6p-nz8a-zydk
Aliases:
CVE-2014-6300
GHSA-6wfj-2mw7-p5cg

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

4.1.14+4
Affected by 0 other vulnerabilities.

4.2.8+1
Affected by 0 other vulnerabilities.

VCID-dq1s-n5vp-q7gd
Aliases:
CVE-2014-5274
GHSA-q586-xpwr-jc3j

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

4.1.14+3
Affected by 0 other vulnerabilities.

4.2.7+1
Affected by 0 other vulnerabilities.

VCID-eq3j-14fc-2uev
Aliases:
CVE-2014-4986
GHSA-jqmr-wqgp-8mh2

Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution.

4.1.14+2
Affected by 0 other vulnerabilities.

4.2.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:37.638416+00:00	GHSA Importer	Affected by	VCID-7mys-s9mz-h3g1	https://github.com/advisories/GHSA-wv8g-fx9j-q2jg	38.1.0
2026-04-04T14:31:28.146138+00:00	GHSA Importer	Affected by	VCID-eq3j-14fc-2uev	https://github.com/advisories/GHSA-jqmr-wqgp-8mh2	38.1.0
2026-04-04T14:30:41.875841+00:00	GHSA Importer	Affected by	VCID-cy6p-nz8a-zydk	https://github.com/advisories/GHSA-6wfj-2mw7-p5cg	38.1.0
2026-04-04T14:30:39.659123+00:00	GHSA Importer	Affected by	VCID-b9b1-624h-uubt	https://github.com/advisories/GHSA-pvr5-84gr-g985	38.1.0
2026-04-04T14:30:39.537249+00:00	GHSA Importer	Affected by	VCID-dq1s-n5vp-q7gd	https://github.com/advisories/GHSA-q586-xpwr-jc3j	38.1.0
2026-04-03T21:26:07.779488+00:00	GitLab Importer	Affected by	VCID-eq3j-14fc-2uev	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-4986.yml	38.1.0
2026-04-03T21:25:55.478490+00:00	GitLab Importer	Affected by	VCID-7mys-s9mz-h3g1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-7217.yml	38.1.0
2026-04-01T12:50:39.393617+00:00	GitLab Importer	Affected by	VCID-cy6p-nz8a-zydk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-6300.yml	38.0.0
2026-04-01T12:50:36.965668+00:00	GitLab Importer	Affected by	VCID-b9b1-624h-uubt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-8326.yml	38.0.0
2026-04-01T12:50:28.677150+00:00	GitLab Importer	Affected by	VCID-dq1s-n5vp-q7gd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-5274.yml	38.0.0