Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@4.6.3
purl pkg:composer/phpmyadmin/phpmyadmin@4.6.3
Tags Ghost
Next non-vulnerable version 4.9.11
Latest non-vulnerable version 5.2.2
Risk 4.5
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-1dc8-kafr-3qd7
Aliases:
CVE-2016-6628
GHSA-phhm-63xx-v9rr
Cross-site Scripting An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-64sy-unts-juf3
Aliases:
CVE-2016-6625
GHSA-r643-7xfg-ppc5
Information Exposure An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-8fu3-wm7d-qkeu
Aliases:
CVE-2016-6632
GHSA-426q-975p-w5cr
Incomplete Cleanup An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-9t2s-etzf-t3d2
Aliases:
CVE-2016-6609
GHSA-wpww-hx7x-xfjh
Command Injection An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-e9qs-mvaa-wyc6
Aliases:
CVE-2016-6624
GHSA-mhxj-6vf8-mwv3
Incomplete List of Disallowed Inputs An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-fgr8-8j61-cufq
Aliases:
CVE-2016-6612
GHSA-fcgm-62p3-f7cm
Information Exposure An issue was discovered in phpMyAdmin. A user can exploit the "LOAD LOCAL INFILE" functionality to expose files on the server to the database system.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-fvnp-w4kk-3qfq
Aliases:
CVE-2016-6608
GHSA-jfmj-27fp-qp67
Cross-site Scripting XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-gzqe-8ywj-h7hk
Aliases:
CVE-2016-9847
GHSA-9xhq-pm7v-693p
Cryptographic Issues An issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.
4.6.5
Affected by 3 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-h5wu-ugm7-4bah
Aliases:
CVE-2016-6633
GHSA-p849-vf5f-f3x7
Code Injection An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-tydk-zjv1-nye6
Aliases:
CVE-2016-6622
GHSA-qf3f-7x69-qfv3
Improper Input Validation An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-v66b-3ghf-9uas
Aliases:
CVE-2016-6629
GHSA-567r-vqj7-5cw7
Improper Input Validation An issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by `ArbitraryServerRegexp`.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-z22z-a5bq-97d3
Aliases:
CVE-2016-6618
GHSA-rv6m-chvv-wmxg
Uncontrolled Resouce Consumption An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-zg16-dfu1-g7dn
Aliases:
CVE-2016-6613
GHSA-6j2v-g9rg-qcm5
Information Exposure An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.
4.6.4
Affected by 5 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:21.610998+00:00 GHSA Importer Fixing VCID-81mz-gdhq-r7fm https://github.com/advisories/GHSA-gcvp-cwgw-wx8j 38.1.0
2026-04-04T14:31:21.551412+00:00 GHSA Importer Fixing VCID-zbha-a7rp-nbd9 https://github.com/advisories/GHSA-rv57-479x-x4qv 38.1.0
2026-04-04T14:31:21.519777+00:00 GHSA Importer Fixing VCID-19c4-dbx1-e3aj https://github.com/advisories/GHSA-3q28-xfw3-2q35 38.1.0
2026-04-04T14:31:21.491525+00:00 GHSA Importer Fixing VCID-g76e-r914-xfgc https://github.com/advisories/GHSA-xqw9-ffx7-g998 38.1.0
2026-04-04T14:30:41.057024+00:00 GHSA Importer Fixing VCID-nz1c-xk2s-3fau https://github.com/advisories/GHSA-mwm8-36c5-j5cf 38.1.0
2026-04-04T14:30:40.904003+00:00 GHSA Importer Fixing VCID-we1q-4dc4-qufn https://github.com/advisories/GHSA-cr65-p662-fx5c 38.1.0
2026-04-04T14:30:40.634572+00:00 GHSA Importer Fixing VCID-a1h3-y1fe-7fe2 https://github.com/advisories/GHSA-rh74-5835-jpxp 38.1.0
2026-04-04T14:30:40.598642+00:00 GHSA Importer Fixing VCID-hucu-azum-53bw https://github.com/advisories/GHSA-wm9c-vcv2-vpqc 38.1.0
2026-04-04T14:30:40.525190+00:00 GHSA Importer Fixing VCID-cx8d-r8hf-3kak https://github.com/advisories/GHSA-2p7v-jm8m-g3qq 38.1.0
2026-04-04T14:30:40.490928+00:00 GHSA Importer Fixing VCID-r8te-6fr7-tuc2 https://github.com/advisories/GHSA-6q2j-8h8q-46mr 38.1.0
2026-04-04T14:30:40.418285+00:00 GHSA Importer Fixing VCID-b5bf-6u8e-byh8 https://github.com/advisories/GHSA-9rmm-8fp4-26hv 38.1.0
2026-04-03T21:26:08.187033+00:00 GitLab Importer Fixing VCID-g76e-r914-xfgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5702.yml 38.1.0
2026-04-03T21:26:00.378780+00:00 GitLab Importer Fixing VCID-zbha-a7rp-nbd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5734.yml 38.1.0
2026-04-03T21:25:54.981918+00:00 GitLab Importer Fixing VCID-81mz-gdhq-r7fm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5704.yml 38.1.0
2026-04-03T21:25:50.445651+00:00 GitLab Importer Fixing VCID-19c4-dbx1-e3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5732.yml 38.1.0
2026-04-01T13:12:02.672101+00:00 GithubOSV Importer Fixing VCID-we1q-4dc4-qufn https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr65-p662-fx5c/GHSA-cr65-p662-fx5c.json 38.0.0
2026-04-01T13:11:24.176893+00:00 GithubOSV Importer Fixing VCID-hucu-azum-53bw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wm9c-vcv2-vpqc/GHSA-wm9c-vcv2-vpqc.json 38.0.0
2026-04-01T13:10:55.667039+00:00 GithubOSV Importer Fixing VCID-nz1c-xk2s-3fau https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwm8-36c5-j5cf/GHSA-mwm8-36c5-j5cf.json 38.0.0
2026-04-01T13:10:44.207620+00:00 GithubOSV Importer Fixing VCID-81mz-gdhq-r7fm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gcvp-cwgw-wx8j/GHSA-gcvp-cwgw-wx8j.json 38.0.0
2026-04-01T13:10:35.586555+00:00 GithubOSV Importer Fixing VCID-a1h3-y1fe-7fe2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rh74-5835-jpxp/GHSA-rh74-5835-jpxp.json 38.0.0
2026-04-01T13:10:25.569273+00:00 GithubOSV Importer Fixing VCID-b5bf-6u8e-byh8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9rmm-8fp4-26hv/GHSA-9rmm-8fp4-26hv.json 38.0.0
2026-04-01T13:09:47.861785+00:00 GithubOSV Importer Fixing VCID-19c4-dbx1-e3aj https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3q28-xfw3-2q35/GHSA-3q28-xfw3-2q35.json 38.0.0
2026-04-01T13:09:06.049308+00:00 GithubOSV Importer Fixing VCID-r8te-6fr7-tuc2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6q2j-8h8q-46mr/GHSA-6q2j-8h8q-46mr.json 38.0.0
2026-04-01T13:08:47.362778+00:00 GithubOSV Importer Fixing VCID-g76e-r914-xfgc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xqw9-ffx7-g998/GHSA-xqw9-ffx7-g998.json 38.0.0
2026-04-01T13:08:37.534313+00:00 GithubOSV Importer Fixing VCID-cx8d-r8hf-3kak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2p7v-jm8m-g3qq/GHSA-2p7v-jm8m-g3qq.json 38.0.0
2026-04-01T13:08:18.700728+00:00 GithubOSV Importer Fixing VCID-zbha-a7rp-nbd9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rv57-479x-x4qv/GHSA-rv57-479x-x4qv.json 38.0.0
2026-04-01T12:50:40.997726+00:00 GitLab Importer Fixing VCID-we1q-4dc4-qufn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5733.yml 38.0.0
2026-04-01T12:50:38.996610+00:00 GitLab Importer Fixing VCID-a1h3-y1fe-7fe2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5701.yml 38.0.0
2026-04-01T12:50:32.430791+00:00 GitLab Importer Fixing VCID-cx8d-r8hf-3kak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5739.yml 38.0.0
2026-04-01T12:50:32.172968+00:00 GitLab Importer Fixing VCID-r8te-6fr7-tuc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5705.yml 38.0.0
2026-04-01T12:50:30.992475+00:00 GitLab Importer Fixing VCID-b5bf-6u8e-byh8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5706.yml 38.0.0
2026-04-01T12:47:07.767293+00:00 GitLab Importer Affected by VCID-z22z-a5bq-97d3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6618.yml 38.0.0
2026-04-01T12:47:07.747578+00:00 GitLab Importer Affected by VCID-64sy-unts-juf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6625.yml 38.0.0
2026-04-01T12:47:07.727188+00:00 GitLab Importer Affected by VCID-9t2s-etzf-t3d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6609.yml 38.0.0
2026-04-01T12:47:07.708247+00:00 GitLab Importer Affected by VCID-zg16-dfu1-g7dn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6613.yml 38.0.0
2026-04-01T12:47:07.689077+00:00 GitLab Importer Affected by VCID-fvnp-w4kk-3qfq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6608.yml 38.0.0
2026-04-01T12:47:07.653311+00:00 GitLab Importer Affected by VCID-v66b-3ghf-9uas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6629.yml 38.0.0
2026-04-01T12:47:07.611420+00:00 GitLab Importer Affected by VCID-e9qs-mvaa-wyc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6624.yml 38.0.0
2026-04-01T12:47:07.591009+00:00 GitLab Importer Affected by VCID-fgr8-8j61-cufq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6612.yml 38.0.0
2026-04-01T12:47:07.571913+00:00 GitLab Importer Affected by VCID-h5wu-ugm7-4bah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6633.yml 38.0.0
2026-04-01T12:47:07.509004+00:00 GitLab Importer Affected by VCID-8fu3-wm7d-qkeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6632.yml 38.0.0
2026-04-01T12:47:07.469504+00:00 GitLab Importer Affected by VCID-tydk-zjv1-nye6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6622.yml 38.0.0
2026-04-01T12:47:07.451074+00:00 GitLab Importer Affected by VCID-gzqe-8ywj-h7hk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-9847.yml 38.0.0
2026-04-01T12:47:07.430952+00:00 GitLab Importer Affected by VCID-1dc8-kafr-3qd7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6628.yml 38.0.0