VulnerableCode Package Details - pkg:deb/debian/phpmyadmin@4:4.5.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3yp5-vqej-r7hh	Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.	CVE-2016-2040 GHSA-pw34-qf6c-84fc
VCID-but8-t37e-kfdb	phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)	CVE-2016-2042
VCID-bwck-hexx-bff8	Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.	CVE-2016-2045
VCID-f7gd-w9r7-xyb2	phpMyAdmin Cryptographic Vulnerability The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.	CVE-2016-1927 GHSA-4gmg-gwjh-3mmr
VCID-g438-3c4q-9bcf	libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.	CVE-2016-2044
VCID-h22a-2v9u-4ucf	Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.	CVE-2016-2043
VCID-jhqf-gw62-9ygq	security update	CVE-2016-2039
VCID-rggj-3cd7-m7hj	phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.	CVE-2016-2038
VCID-w37b-ep3h-tfaz	Covert Timing Channel `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.	CVE-2016-2041 GHSA-8m97-xc46-rw9w

Vulnerability

Summary

Aliases

VCID-3yp5-vqej-r7hh

Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.

CVE-2016-2040
GHSA-pw34-qf6c-84fc

VCID-but8-t37e-kfdb

phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)

CVE-2016-2042

VCID-bwck-hexx-bff8

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.

CVE-2016-2045

VCID-f7gd-w9r7-xyb2

phpMyAdmin Cryptographic Vulnerability The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

CVE-2016-1927
GHSA-4gmg-gwjh-3mmr

VCID-g438-3c4q-9bcf

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVE-2016-2044

VCID-h22a-2v9u-4ucf

Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

CVE-2016-2043

VCID-jhqf-gw62-9ygq

security update

CVE-2016-2039

VCID-rggj-3cd7-m7hj

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVE-2016-2038

VCID-w37b-ep3h-tfaz

Covert Timing Channel `libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

CVE-2016-2041
GHSA-8m97-xc46-rw9w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:09:35.816358+00:00	Debian Importer	Fixing	VCID-but8-t37e-kfdb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:04:37.317403+00:00	Debian Importer	Fixing	VCID-w37b-ep3h-tfaz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:42:36.798430+00:00	Debian Importer	Fixing	VCID-f7gd-w9r7-xyb2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:43:05.616552+00:00	Debian Importer	Fixing	VCID-bwck-hexx-bff8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:16:13.190998+00:00	Debian Importer	Fixing	VCID-rggj-3cd7-m7hj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:40:23.711368+00:00	Debian Importer	Fixing	VCID-g438-3c4q-9bcf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:37:47.987094+00:00	Debian Importer	Fixing	VCID-h22a-2v9u-4ucf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:32:45.080283+00:00	Debian Importer	Fixing	VCID-3yp5-vqej-r7hh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:25:22.735491+00:00	Debian Importer	Fixing	VCID-jhqf-gw62-9ygq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:03:12.056771+00:00	Debian Importer	Fixing	VCID-but8-t37e-kfdb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:59:28.834739+00:00	Debian Importer	Fixing	VCID-w37b-ep3h-tfaz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:42:49.139668+00:00	Debian Importer	Fixing	VCID-f7gd-w9r7-xyb2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:59:13.709761+00:00	Debian Importer	Fixing	VCID-bwck-hexx-bff8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:54:30.355494+00:00	Debian Importer	Fixing	VCID-rggj-3cd7-m7hj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:09.427834+00:00	Debian Importer	Fixing	VCID-g438-3c4q-9bcf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:35.190838+00:00	Debian Importer	Fixing	VCID-h22a-2v9u-4ucf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:49.924382+00:00	Debian Importer	Fixing	VCID-3yp5-vqej-r7hh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:19.417446+00:00	Debian Importer	Fixing	VCID-jhqf-gw62-9ygq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:51.650922+00:00	Debian Importer	Fixing	VCID-bwck-hexx-bff8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.608994+00:00	Debian Importer	Fixing	VCID-g438-3c4q-9bcf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.567218+00:00	Debian Importer	Fixing	VCID-h22a-2v9u-4ucf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.525231+00:00	Debian Importer	Fixing	VCID-but8-t37e-kfdb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.482337+00:00	Debian Importer	Fixing	VCID-w37b-ep3h-tfaz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.440266+00:00	Debian Importer	Fixing	VCID-3yp5-vqej-r7hh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.398370+00:00	Debian Importer	Fixing	VCID-jhqf-gw62-9ygq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.356552+00:00	Debian Importer	Fixing	VCID-rggj-3cd7-m7hj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:51.314445+00:00	Debian Importer	Fixing	VCID-f7gd-w9r7-xyb2	https://security-tracker.debian.org/tracker/data/json	38.1.0