VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.5.1

Search for packages

Package details: pkg:composer/phpmyadmin/phpmyadmin@4.5.1

Essentials
History (4)

purl	pkg:composer/phpmyadmin/phpmyadmin@4.5.1

Next non-vulnerable version	2.6.4-pl4
Latest non-vulnerable version	5.2.1
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2f7e-49ww-e7cq Aliases: CVE-2016-2562	The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.	4.7.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9cg5-td6p-j7ak Aliases: CVE-2016-2040	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.	4.7.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-urdw-rtvr-ubc6 Aliases: CVE-2016-2559	Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.	4.7.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wmcm-eer8-zqf5 Aliases: CVE-2016-2041	libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.	4.7.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-12-19T18:21:18.498468+00:00	GitLab Importer	Affected by	VCID-2f7e-49ww-e7cq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml	37.0.0
2025-12-19T18:21:18.465840+00:00	GitLab Importer	Affected by	VCID-urdw-rtvr-ubc6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml	37.0.0
2025-12-19T18:21:18.033629+00:00	GitLab Importer	Affected by	VCID-wmcm-eer8-zqf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml	37.0.0
2025-12-19T18:21:17.951982+00:00	GitLab Importer	Affected by	VCID-9cg5-td6p-j7ak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml	37.0.0