Package details: pkg:composer/phpmyadmin/phpmyadmin@4.4.6%2B1
purl: pkg:composer/phpmyadmin/phpmyadmin@4.4.6%2B1
Tags: Ghost
Next non-vulnerable version: 4.9.11
Latest non-vulnerable version: 5.2.2
Risk: 4.0
Vulnerabilities affecting this package (5)

VCID-3yp5-vqej-r7hh
Aliases: CVE-2016-2040, GHSA-pw34-qf6c-84fc
Summary: Cross-site Scripting: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.
Fixed by: 4.4.15+3 (affected by 2 other vulnerabilities); 4.5.4 (affected by 2 other vulnerabilities); 4.7.0 (affected by 22 other vulnerabilities)

VCID-7h9b-a8dp-57hp
Aliases: CVE-2017-1000015, GHSA-3fgq-cmr4-97rr
Summary: Cross-site Scripting: phpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.
Fixed by: 4.4.15+10 (affected by 2 other vulnerabilities); 4.6.6 (affected by 2 other vulnerabilities); 4.7.0 (affected by 22 other vulnerabilities)

VCID-uw6h-fpzy-x3ap
Aliases: CVE-2017-1000013, GHSA-5h5m-fj48-qpjw
Summary: URL Redirection to Untrusted Site (Open Redirect): phpMyAdmin is vulnerable to an open redirect weakness.
Fixed by: 4.4.15+10 (affected by 2 other vulnerabilities); 4.6.6 (affected by 2 other vulnerabilities); 4.7.0 (affected by 22 other vulnerabilities)

VCID-w37b-ep3h-tfaz
Aliases: CVE-2016-2041, GHSA-8m97-xc46-rw9w
Summary: Covert Timing Channel: `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
Fixed by: 4.4.15+3 (affected by 2 other vulnerabilities); 4.5.4 (affected by 2 other vulnerabilities); 4.7.0 (affected by 22 other vulnerabilities)

VCID-zreq-41ja-pbf1
Aliases: CVE-2017-1000014, GHSA-9hrc-rwrq-v6mh
Summary: Improper Input Validation: phpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.
Fixed by: 4.4.15+10 (affected by 2 other vulnerabilities); 4.6.6 (affected by 2 other vulnerabilities); 4.7.0 (affected by 22 other vulnerabilities)

Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.