VulnerableCode Package Details - pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1?distro=trixie

purl	pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-ym9b-4su6-6fbr	Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.	CVE-2023-25727 GHSA-6hr3-44gx-g6wh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T08:55:18.101655+00:00	Debian Importer	Fixing	VCID-ym9b-4su6-6fbr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T17:59:16.732985+00:00	Debian Importer	Fixing	VCID-ym9b-4su6-6fbr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:56.114955+00:00	Debian Importer	Fixing	VCID-ym9b-4su6-6fbr	https://security-tracker.debian.org/tracker/data/json	38.1.0