VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.9.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-2jjv-4en4-e3gx Aliases: CVE-2020-22278	phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.	5.0.3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-na3j-h3qr-k7dc Aliases: CVE-2022-23807 GHSA-8wf2-3ggj-78q9	Improper Authentication An issue was discovered in phpMyAdm. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.	4.9.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.0 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rqy8-n6fr-hqey Aliases: CVE-2022-0813 GHSA-vx8q-j7h9-vf6q	Exposure of Sensitive Information to an Unauthorized Actor PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.	5.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ym9b-4su6-6fbr Aliases: CVE-2023-25727 GHSA-6hr3-44gx-g6wh	Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.	4.9.11 Affected by 0 other vulnerabilities. 5.2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2jjv-4en4-e3gx
Aliases:
CVE-2020-22278

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.

5.0.3
Affected by 3 other vulnerabilities.

VCID-na3j-h3qr-k7dc
Aliases:
CVE-2022-23807
GHSA-8wf2-3ggj-78q9

Improper Authentication An issue was discovered in phpMyAdm. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

4.9.8
Affected by 2 other vulnerabilities.

5.0.0
Affected by 11 other vulnerabilities.

5.1.2
Affected by 2 other vulnerabilities.

VCID-rqy8-n6fr-hqey
Aliases:
CVE-2022-0813
GHSA-vx8q-j7h9-vf6q

Exposure of Sensitive Information to an Unauthorized Actor PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

5.1.2
Affected by 2 other vulnerabilities.

5.1.3
Affected by 2 other vulnerabilities.

VCID-ym9b-4su6-6fbr
Aliases:
CVE-2023-25727
GHSA-6hr3-44gx-g6wh

Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.

4.9.11
Affected by 0 other vulnerabilities.

5.2.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-2y3v-jnph-hfh4	Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS.	CVE-2020-26935 GHSA-7ff4-cv53-4cjq
VCID-mk34-h4nz-b3ey	Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS.	CVE-2020-26934 GHSA-6349-53vr-7hcr

Vulnerability

Summary

Aliases

VCID-2y3v-jnph-hfh4

Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS.

CVE-2020-26935
GHSA-7ff4-cv53-4cjq

VCID-mk34-h4nz-b3ey

Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS.

CVE-2020-26934
GHSA-6349-53vr-7hcr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:21:41.535046+00:00	GitLab Importer	Affected by	VCID-ym9b-4su6-6fbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2023-25727.yml	38.4.0
2026-04-16T21:42:03.862678+00:00	GitLab Importer	Affected by	VCID-rqy8-n6fr-hqey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-0813.yml	38.4.0
2026-04-16T21:37:59.000511+00:00	GitLab Importer	Affected by	VCID-na3j-h3qr-k7dc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-23807.yml	38.4.0
2026-04-16T21:13:28.939833+00:00	GitLab Importer	Affected by	VCID-2jjv-4en4-e3gx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2020-22278.yml	38.4.0
2026-04-11T23:39:45.647137+00:00	GitLab Importer	Affected by	VCID-ym9b-4su6-6fbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2023-25727.yml	38.3.0
2026-04-11T22:57:32.182111+00:00	GitLab Importer	Affected by	VCID-rqy8-n6fr-hqey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-0813.yml	38.3.0
2026-04-11T22:52:22.514009+00:00	GitLab Importer	Affected by	VCID-na3j-h3qr-k7dc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-23807.yml	38.3.0
2026-04-11T22:25:35.043527+00:00	GitLab Importer	Affected by	VCID-2jjv-4en4-e3gx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2020-22278.yml	38.3.0
2026-04-02T23:43:54.288995+00:00	GitLab Importer	Affected by	VCID-ym9b-4su6-6fbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2023-25727.yml	38.1.0
2026-04-02T23:06:26.886818+00:00	GitLab Importer	Affected by	VCID-rqy8-n6fr-hqey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-0813.yml	38.1.0
2026-04-02T23:01:46.614434+00:00	GitLab Importer	Affected by	VCID-na3j-h3qr-k7dc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-23807.yml	38.1.0
2026-04-02T22:37:22.761310+00:00	GitLab Importer	Affected by	VCID-2jjv-4en4-e3gx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2020-22278.yml	38.1.0
2026-04-02T12:37:34.246946+00:00	GitLab Importer	Fixing	VCID-2y3v-jnph-hfh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2020-26935.yml	38.0.0
2026-04-02T12:37:34.187622+00:00	GitLab Importer	Fixing	VCID-mk34-h4nz-b3ey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2020-26934.yml	38.0.0
2026-04-01T18:06:49.749386+00:00	GitLab Importer	Affected by	VCID-ym9b-4su6-6fbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2023-25727.yml	38.0.0
2026-04-01T17:25:39.750764+00:00	GitLab Importer	Affected by	VCID-rqy8-n6fr-hqey	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-0813.yml	38.0.0
2026-04-01T17:20:37.445723+00:00	GitLab Importer	Affected by	VCID-na3j-h3qr-k7dc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2022-23807.yml	38.0.0
2026-04-01T16:01:49.053909+00:00	GHSA Importer	Fixing	VCID-mk34-h4nz-b3ey	https://github.com/advisories/GHSA-6349-53vr-7hcr	38.0.0
2026-04-01T16:01:49.008960+00:00	GHSA Importer	Fixing	VCID-2y3v-jnph-hfh4	https://github.com/advisories/GHSA-7ff4-cv53-4cjq	38.0.0
2026-04-01T13:09:10.553088+00:00	GithubOSV Importer	Fixing	VCID-mk34-h4nz-b3ey	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6349-53vr-7hcr/GHSA-6349-53vr-7hcr.json	38.0.0
2026-04-01T13:07:59.441860+00:00	GithubOSV Importer	Fixing	VCID-2y3v-jnph-hfh4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7ff4-cv53-4cjq/GHSA-7ff4-cv53-4cjq.json	38.0.0