Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@4.5.0
purl pkg:composer/phpmyadmin/phpmyadmin@4.5.0
Tags Ghost
Next non-vulnerable version 4.9.11
Latest non-vulnerable version 5.2.2
Risk 4.5
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-27kp-82xd-cucw
Aliases:
CVE-2015-7873
GHSA-5pmg-qh2c-7j24
phpMyAdmin allows remote attackers to spoof content via the url parameter The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
4.5.1
Affected by 4 other vulnerabilities.
VCID-3yp5-vqej-r7hh
Aliases:
CVE-2016-2040
GHSA-pw34-qf6c-84fc
Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-br1c-5bzf-ufeu
Aliases:
CVE-2019-6798
GHSA-f732-fxh6-g4qj
SQL Injection An issue was discovered in phpMyAdmin. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
4.8.5
Affected by 12 other vulnerabilities.
5.0.0
Affected by 11 other vulnerabilities.
VCID-f7gd-w9r7-xyb2
Aliases:
CVE-2016-1927
GHSA-4gmg-gwjh-3mmr
phpMyAdmin Cryptographic Vulnerability The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
4.5.4
Affected by 2 other vulnerabilities.
VCID-k7kn-ynne-b3gv
Aliases:
CVE-2016-2559
GHSA-7rf8-9r8f-qf59
Cross-site Scripting A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
4.5.5+1
Affected by 0 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-nfuk-7739-xqaw
Aliases:
CVE-2016-2562
GHSA-w8qg-j9fp-hrjf
Improper Input Validation The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
4.5.5+1
Affected by 0 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-w37b-ep3h-tfaz
Aliases:
CVE-2016-2041
GHSA-8m97-xc46-rw9w
Covert Timing Channel `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:31.210466+00:00 GHSA Importer Affected by VCID-f7gd-w9r7-xyb2 https://github.com/advisories/GHSA-4gmg-gwjh-3mmr 38.1.0
2026-04-04T14:31:29.823305+00:00 GHSA Importer Affected by VCID-k7kn-ynne-b3gv https://github.com/advisories/GHSA-7rf8-9r8f-qf59 38.1.0
2026-04-04T14:31:29.790961+00:00 GHSA Importer Affected by VCID-nfuk-7739-xqaw https://github.com/advisories/GHSA-w8qg-j9fp-hrjf 38.1.0
2026-04-04T14:31:29.002732+00:00 GHSA Importer Affected by VCID-27kp-82xd-cucw https://github.com/advisories/GHSA-5pmg-qh2c-7j24 38.1.0
2026-04-04T14:30:40.153829+00:00 GHSA Importer Affected by VCID-w37b-ep3h-tfaz https://github.com/advisories/GHSA-8m97-xc46-rw9w 38.1.0
2026-04-04T14:30:40.119417+00:00 GHSA Importer Affected by VCID-3yp5-vqej-r7hh https://github.com/advisories/GHSA-pw34-qf6c-84fc 38.1.0
2026-04-03T21:25:48.183082+00:00 GitLab Importer Affected by VCID-27kp-82xd-cucw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2015-7873.yml 38.1.0
2026-04-01T12:50:44.340311+00:00 GitLab Importer Affected by VCID-f7gd-w9r7-xyb2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-1927.yml 38.0.0
2026-04-01T12:48:16.514702+00:00 GitLab Importer Affected by VCID-br1c-5bzf-ufeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2019-6798.yml 38.0.0
2026-04-01T12:47:01.542729+00:00 GitLab Importer Affected by VCID-nfuk-7739-xqaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml 38.0.0
2026-04-01T12:47:01.514435+00:00 GitLab Importer Affected by VCID-k7kn-ynne-b3gv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml 38.0.0
2026-04-01T12:47:01.162188+00:00 GitLab Importer Affected by VCID-w37b-ep3h-tfaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml 38.0.0
2026-04-01T12:47:01.090741+00:00 GitLab Importer Affected by VCID-3yp5-vqej-r7hh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml 38.0.0