VulnerableCode Package Details - pkg:deb/debian/phpmyadmin@4:2.10.0.2-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3pn2-zxhu-xqez	Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.	CVE-2007-1395
VCID-whsp-haxh-yqas	The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.	CVE-2007-1325

Vulnerability

Summary

Aliases

VCID-3pn2-zxhu-xqez

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

CVE-2007-1395

VCID-whsp-haxh-yqas

The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.

CVE-2007-1325

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:28:11.024555+00:00	Debian Importer	Fixing	VCID-whsp-haxh-yqas	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:52:04.810703+00:00	Debian Importer	Fixing	VCID-3pn2-zxhu-xqez	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:48:56.848409+00:00	Debian Importer	Fixing	VCID-whsp-haxh-yqas	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:17.178701+00:00	Debian Importer	Fixing	VCID-3pn2-zxhu-xqez	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:46.673826+00:00	Debian Importer	Fixing	VCID-3pn2-zxhu-xqez	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:46.632521+00:00	Debian Importer	Fixing	VCID-whsp-haxh-yqas	https://security-tracker.debian.org/tracker/data/json	38.1.0