VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@2.11.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-mha9-eymv-9bgc Aliases: CVE-2008-7252 GHSA-9645-6g72-2pv8	phpMyAdmin unsafely handles temporary files `libraries/File.class.php` in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.	2.11.10 Affected by 0 other vulnerabilities.
VCID-pgp8-88t4-m7a6 Aliases: CVE-2009-3696 GHSA-5pvv-f8h3-gw96	phpMyAdmin Cross-site Scripting In MySQL Table Name Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.	2.11.9+6 Affected by 0 other vulnerabilities. 3.2.2+1 Affected by 0 other vulnerabilities.
VCID-zeb7-vr2y-8qgg Aliases: CVE-2011-0986 GHSA-wcmm-28rg-mg3r	phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.	2.11.11+2 Affected by 0 other vulnerabilities. 3.3.9+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-mha9-eymv-9bgc
Aliases:
CVE-2008-7252
GHSA-9645-6g72-2pv8

phpMyAdmin unsafely handles temporary files `libraries/File.class.php` in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

2.11.10
Affected by 0 other vulnerabilities.

VCID-pgp8-88t4-m7a6
Aliases:
CVE-2009-3696
GHSA-5pvv-f8h3-gw96

phpMyAdmin Cross-site Scripting In MySQL Table Name Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

2.11.9+6
Affected by 0 other vulnerabilities.

3.2.2+1
Affected by 0 other vulnerabilities.

VCID-zeb7-vr2y-8qgg
Aliases:
CVE-2011-0986
GHSA-wcmm-28rg-mg3r

phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

2.11.11+2
Affected by 0 other vulnerabilities.

3.3.9+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-02T12:43:10.136000+00:00	GHSA Importer	Affected by	VCID-mha9-eymv-9bgc	https://github.com/advisories/GHSA-9645-6g72-2pv8	37.0.0
2025-08-02T12:42:29.687130+00:00	GHSA Importer	Affected by	VCID-zeb7-vr2y-8qgg	https://github.com/advisories/GHSA-wcmm-28rg-mg3r	37.0.0
2025-08-02T09:10:07.919738+00:00	GitLab Importer	Affected by	VCID-zeb7-vr2y-8qgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-0986.yml	37.0.0
2025-08-02T09:10:03.354591+00:00	GitLab Importer	Affected by	VCID-mha9-eymv-9bgc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2008-7252.yml	37.0.0
2025-07-31T12:32:12.253465+00:00	GHSA Importer	Affected by	VCID-pgp8-88t4-m7a6	https://github.com/advisories/GHSA-5pvv-f8h3-gw96	37.0.0
2025-07-31T09:26:53.666163+00:00	GitLab Importer	Affected by	VCID-pgp8-88t4-m7a6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2009-3696.yml	37.0.0