Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/phpmyadmin@0?distro=trixie
purl pkg:deb/debian/phpmyadmin@0?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (14)
Vulnerability Summary Aliases
VCID-5288-gx4v-7bh4 phpMyAdmin Unsafe Fetching of Javascript Code phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. CVE-2012-5368
GHSA-xpxp-v33m-5jp9
VCID-9auw-hwad-ybaf Improper Authentication An issue was discovered in phpMyAdm in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages. CVE-2018-12613
GHSA-x394-g9j8-x7mf
VCID-cb4p-81h2-h7cb Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. CVE-2013-3238
VCID-fchc-55te-akhe Cross-site Scripting An issue was discovered in phpMyAdm. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. CVE-2018-15605
GHSA-c958-4j9x-q7w4
VCID-fhw5-5mdt-7ff3 Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. CVE-2006-6374
VCID-kke6-fqmn-pug2 phpMyAdmin multiple cross-site scripting vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. CVE-2012-5339
GHSA-rfpg-2fp8-2fph
VCID-ktmy-w9g2-1fav Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. CVE-2016-5098
VCID-nr3p-zfc2-p7ac export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. CVE-2013-3241
VCID-q6z8-dgxc-h3fr phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack. CVE-2012-5159
VCID-sgc1-f332-byfu phpMyAdmin leaves the SQL install script with insecure permissions, potentially leading to a database compromise. CVE-2005-1392
VCID-tbnx-nuzv-ebdc Cross-Site Request Forgery (CSRF) phpMyAdmin versions is vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping or truncating tables etc. CVE-2017-1000499
GHSA-f9hx-5jq4-fgjm
VCID-u32z-czfc-qbe1 Multiple flaws in phpMyAdmin may lead to several XSS issues and local and remote file inclusion vulnerabilities. CVE-2005-4079
VCID-uxne-zpub-tffp Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. CVE-2013-1937
VCID-xae2-3cvs-kuex Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. CVE-2013-3240

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:29:12.218972+00:00 Debian Importer Fixing VCID-sgc1-f332-byfu https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:22:58.114570+00:00 Debian Importer Fixing VCID-5288-gx4v-7bh4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:11:30.471801+00:00 Debian Importer Fixing VCID-cb4p-81h2-h7cb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:28:01.231410+00:00 Debian Importer Fixing VCID-fchc-55te-akhe https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:05:01.094887+00:00 Debian Importer Fixing VCID-q6z8-dgxc-h3fr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:03:17.747459+00:00 Debian Importer Fixing VCID-u32z-czfc-qbe1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:21:05.728858+00:00 Debian Importer Fixing VCID-ktmy-w9g2-1fav https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:14:53.086905+00:00 Debian Importer Fixing VCID-kke6-fqmn-pug2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:40:34.188728+00:00 Debian Importer Fixing VCID-fhw5-5mdt-7ff3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:34:45.627237+00:00 Debian Importer Fixing VCID-9auw-hwad-ybaf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:31:33.922688+00:00 Debian Importer Fixing VCID-xae2-3cvs-kuex https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:30:06.619423+00:00 Debian Importer Fixing VCID-uxne-zpub-tffp https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:05:16.990785+00:00 Debian Importer Fixing VCID-nr3p-zfc2-p7ac https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:34:43.534551+00:00 Debian Importer Fixing VCID-tbnx-nuzv-ebdc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:18:24.451232+00:00 Debian Importer Fixing VCID-sgc1-f332-byfu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:13:40.830093+00:00 Debian Importer Fixing VCID-5288-gx4v-7bh4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:04:39.705155+00:00 Debian Importer Fixing VCID-cb4p-81h2-h7cb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:32:04.097621+00:00 Debian Importer Fixing VCID-fchc-55te-akhe https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:15:27.923439+00:00 Debian Importer Fixing VCID-q6z8-dgxc-h3fr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:14:10.915711+00:00 Debian Importer Fixing VCID-u32z-czfc-qbe1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:43:40.259934+00:00 Debian Importer Fixing VCID-ktmy-w9g2-1fav https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:38:57.796508+00:00 Debian Importer Fixing VCID-kke6-fqmn-pug2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:13:16.227498+00:00 Debian Importer Fixing VCID-fhw5-5mdt-7ff3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:08:48.709966+00:00 Debian Importer Fixing VCID-9auw-hwad-ybaf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:06:18.038191+00:00 Debian Importer Fixing VCID-xae2-3cvs-kuex https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:05:20.148172+00:00 Debian Importer Fixing VCID-uxne-zpub-tffp https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:46:14.188826+00:00 Debian Importer Fixing VCID-nr3p-zfc2-p7ac https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:22:52.455410+00:00 Debian Importer Fixing VCID-tbnx-nuzv-ebdc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:49:55.025142+00:00 Debian Importer Fixing VCID-fchc-55te-akhe https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:54.978661+00:00 Debian Importer Fixing VCID-9auw-hwad-ybaf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:54.797620+00:00 Debian Importer Fixing VCID-tbnx-nuzv-ebdc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:51.944405+00:00 Debian Importer Fixing VCID-ktmy-w9g2-1fav https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.684621+00:00 Debian Importer Fixing VCID-nr3p-zfc2-p7ac https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.642538+00:00 Debian Importer Fixing VCID-xae2-3cvs-kuex https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.559862+00:00 Debian Importer Fixing VCID-cb4p-81h2-h7cb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.518692+00:00 Debian Importer Fixing VCID-uxne-zpub-tffp https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.477856+00:00 Debian Importer Fixing VCID-5288-gx4v-7bh4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.436073+00:00 Debian Importer Fixing VCID-kke6-fqmn-pug2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:49.395200+00:00 Debian Importer Fixing VCID-q6z8-dgxc-h3fr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:46.277719+00:00 Debian Importer Fixing VCID-fhw5-5mdt-7ff3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:45.612629+00:00 Debian Importer Fixing VCID-u32z-czfc-qbe1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:45.210680+00:00 Debian Importer Fixing VCID-sgc1-f332-byfu https://security-tracker.debian.org/tracker/data/json 38.1.0