VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.5.0%2B2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/phpmyadmin/phpmyadmin@4.5.0%2B2

Essentials
History (4)

purl	pkg:composer/phpmyadmin/phpmyadmin@4.5.0%2B2
Tags	Ghost

Next non-vulnerable version	4.9.11
Latest non-vulnerable version	5.2.2
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-3yp5-vqej-r7hh Aliases: CVE-2016-2040 GHSA-pw34-qf6c-84fc	Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.	4.5.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k7kn-ynne-b3gv Aliases: CVE-2016-2559 GHSA-7rf8-9r8f-qf59	Cross-site Scripting A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.	4.5.5+1 Affected by 0 other vulnerabilities. 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nfuk-7739-xqaw Aliases: CVE-2016-2562 GHSA-w8qg-j9fp-hrjf	Improper Input Validation The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.	4.5.5+1 Affected by 0 other vulnerabilities. 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w37b-ep3h-tfaz Aliases: CVE-2016-2041 GHSA-8m97-xc46-rw9w	Covert Timing Channel `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.	4.5.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:47:01.544362+00:00	GitLab Importer	Affected by	VCID-nfuk-7739-xqaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml	38.0.0
2026-04-01T12:47:01.516938+00:00	GitLab Importer	Affected by	VCID-k7kn-ynne-b3gv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml	38.0.0
2026-04-01T12:47:01.163957+00:00	GitLab Importer	Affected by	VCID-w37b-ep3h-tfaz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml	38.0.0
2026-04-01T12:47:01.093115+00:00	GitLab Importer	Affected by	VCID-3yp5-vqej-r7hh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml	38.0.0