VulnerableCode Package Details - pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2vh3-f3t5-vbbs	Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.	CVE-2005-2256
VCID-3xbu-xm1n-ffa7	phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.	CVE-2019-10784
VCID-4fqy-vu7b-5qaf	phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.	CVE-2023-40619
VCID-93va-4zq1-1qdw	John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.	CVE-2004-2664
VCID-bp2y-n3cz-x3ha	The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.	CVE-2006-4976
VCID-hz8d-gsr1-7yfn	Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.	CVE-2011-3598
VCID-phnq-kx6f-xbfh	PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.	CVE-2006-4618
VCID-qtxz-h9d1-f7fn	Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.	CVE-2007-2865
VCID-sffr-khyu-fyek	Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.	CVE-2012-1600
VCID-t6jb-xrqa-ufbe	phpPgAdmin: directory traversal flaw in libraries/lib.inc.php	CVE-2008-5587
VCID-y196-3hd8-63e8	Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.	CVE-2007-5728

Vulnerability

Summary

Aliases

VCID-2vh3-f3t5-vbbs

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

CVE-2005-2256

VCID-3xbu-xm1n-ffa7

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.

CVE-2019-10784

VCID-4fqy-vu7b-5qaf

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

CVE-2023-40619

VCID-93va-4zq1-1qdw

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.

CVE-2004-2664

VCID-bp2y-n3cz-x3ha

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.

CVE-2006-4976

VCID-hz8d-gsr1-7yfn

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

CVE-2011-3598

VCID-phnq-kx6f-xbfh

PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.

CVE-2006-4618

VCID-qtxz-h9d1-f7fn

Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

CVE-2007-2865

VCID-sffr-khyu-fyek

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.

CVE-2012-1600

VCID-t6jb-xrqa-ufbe

phpPgAdmin: directory traversal flaw in libraries/lib.inc.php

CVE-2008-5587

VCID-y196-3hd8-63e8

Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

CVE-2007-5728

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:29:15.330256+00:00	Debian Importer	Fixing	VCID-93va-4zq1-1qdw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:24:33.203799+00:00	Debian Importer	Fixing	VCID-t6jb-xrqa-ufbe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:04:47.089398+00:00	Debian Importer	Fixing	VCID-phnq-kx6f-xbfh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:27:58.508577+00:00	Debian Importer	Fixing	VCID-4fqy-vu7b-5qaf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:21:01.359513+00:00	Debian Importer	Fixing	VCID-sffr-khyu-fyek	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:55:22.002015+00:00	Debian Importer	Fixing	VCID-3xbu-xm1n-ffa7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:08.576051+00:00	Debian Importer	Fixing	VCID-y196-3hd8-63e8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:02:39.112953+00:00	Debian Importer	Fixing	VCID-hz8d-gsr1-7yfn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:12.008237+00:00	Debian Importer	Fixing	VCID-2vh3-f3t5-vbbs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:13:45.449460+00:00	Debian Importer	Fixing	VCID-qtxz-h9d1-f7fn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:08:09.313679+00:00	Debian Importer	Fixing	VCID-bp2y-n3cz-x3ha	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:18:26.555466+00:00	Debian Importer	Fixing	VCID-93va-4zq1-1qdw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T09:14:55.656130+00:00	Debian Importer	Fixing	VCID-t6jb-xrqa-ufbe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:15:17.358560+00:00	Debian Importer	Fixing	VCID-phnq-kx6f-xbfh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:48:48.352679+00:00	Debian Importer	Fixing	VCID-4fqy-vu7b-5qaf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:43:36.350527+00:00	Debian Importer	Fixing	VCID-sffr-khyu-fyek	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:24:15.606951+00:00	Debian Importer	Fixing	VCID-3xbu-xm1n-ffa7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:19.756567+00:00	Debian Importer	Fixing	VCID-y196-3hd8-63e8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:44:15.583356+00:00	Debian Importer	Fixing	VCID-hz8d-gsr1-7yfn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:34.932103+00:00	Debian Importer	Fixing	VCID-2vh3-f3t5-vbbs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:10:23.033602+00:00	Debian Importer	Fixing	VCID-qtxz-h9d1-f7fn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:07:05.109915+00:00	Debian Importer	Fixing	VCID-bp2y-n3cz-x3ha	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:56.551000+00:00	Debian Importer	Fixing	VCID-4fqy-vu7b-5qaf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.534472+00:00	Debian Importer	Fixing	VCID-3xbu-xm1n-ffa7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.509942+00:00	Debian Importer	Fixing	VCID-sffr-khyu-fyek	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.487104+00:00	Debian Importer	Fixing	VCID-hz8d-gsr1-7yfn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.461372+00:00	Debian Importer	Fixing	VCID-t6jb-xrqa-ufbe	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.435496+00:00	Debian Importer	Fixing	VCID-y196-3hd8-63e8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.409645+00:00	Debian Importer	Fixing	VCID-qtxz-h9d1-f7fn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.384615+00:00	Debian Importer	Fixing	VCID-bp2y-n3cz-x3ha	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.363206+00:00	Debian Importer	Fixing	VCID-phnq-kx6f-xbfh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.340244+00:00	Debian Importer	Fixing	VCID-2vh3-f3t5-vbbs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:56.311284+00:00	Debian Importer	Fixing	VCID-93va-4zq1-1qdw	https://security-tracker.debian.org/tracker/data/json	38.1.0