VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.5.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-k7kn-ynne-b3gv Aliases: CVE-2016-2559 GHSA-7rf8-9r8f-qf59	Cross-site Scripting A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.	4.5.5+1 Affected by 0 other vulnerabilities. 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nfuk-7739-xqaw Aliases: CVE-2016-2562 GHSA-w8qg-j9fp-hrjf	Improper Input Validation The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.	4.5.5+1 Affected by 0 other vulnerabilities. 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-k7kn-ynne-b3gv
Aliases:
CVE-2016-2559
GHSA-7rf8-9r8f-qf59

Cross-site Scripting A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

4.5.5+1
Affected by 0 other vulnerabilities.

4.7.0
Affected by 22 other vulnerabilities.

VCID-nfuk-7739-xqaw
Aliases:
CVE-2016-2562
GHSA-w8qg-j9fp-hrjf

Improper Input Validation The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

4.5.5+1
Affected by 0 other vulnerabilities.

4.7.0
Affected by 22 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:31.213891+00:00	GHSA Importer	Fixing	VCID-f7gd-w9r7-xyb2	https://github.com/advisories/GHSA-4gmg-gwjh-3mmr	38.1.0
2026-04-04T14:30:40.157895+00:00	GHSA Importer	Fixing	VCID-w37b-ep3h-tfaz	https://github.com/advisories/GHSA-8m97-xc46-rw9w	38.1.0
2026-04-04T14:30:40.122976+00:00	GHSA Importer	Fixing	VCID-3yp5-vqej-r7hh	https://github.com/advisories/GHSA-pw34-qf6c-84fc	38.1.0
2026-04-01T13:12:04.929223+00:00	GithubOSV Importer	Fixing	VCID-3yp5-vqej-r7hh	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pw34-qf6c-84fc/GHSA-pw34-qf6c-84fc.json	38.0.0
2026-04-01T13:08:46.770975+00:00	GithubOSV Importer	Fixing	VCID-w37b-ep3h-tfaz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8m97-xc46-rw9w/GHSA-8m97-xc46-rw9w.json	38.0.0
2026-04-01T13:08:16.029083+00:00	GithubOSV Importer	Fixing	VCID-f7gd-w9r7-xyb2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4gmg-gwjh-3mmr/GHSA-4gmg-gwjh-3mmr.json	38.0.0
2026-04-01T12:50:44.355258+00:00	GitLab Importer	Fixing	VCID-f7gd-w9r7-xyb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-1927.yml	38.0.0
2026-04-01T12:47:01.549118+00:00	GitLab Importer	Affected by	VCID-nfuk-7739-xqaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml	38.0.0
2026-04-01T12:47:01.522873+00:00	GitLab Importer	Affected by	VCID-k7kn-ynne-b3gv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml	38.0.0