Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@3.3.0
purl pkg:composer/phpmyadmin/phpmyadmin@3.3.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1chy-7bvj-hqb4
Aliases:
CVE-2011-4107
GHSA-q4mm-89q2-xffg
phpMyAdmin vulnerable to XML external entity (XXE) injection attack The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
3.3.10+5
Affected by 0 other vulnerabilities.
3.4.7+1
Affected by 0 other vulnerabilities.
VCID-cqpd-4b3p-27hu
Aliases:
CVE-2011-1940
GHSA-4q58-5x28-53wv
phpMyAdmin Vulnerable to Cross-Site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
3.3.10+1
Affected by 0 other vulnerabilities.
3.4.1
Affected by 0 other vulnerabilities.
VCID-jjfk-u9s4-97hp
Aliases:
CVE-2011-2508
GHSA-q6vw-39cg-wjjf
phpMyAdmin Directory Traversal vulnerability Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
3.3.10+2
Affected by 0 other vulnerabilities.
3.4.3+1
Affected by 0 other vulnerabilities.
VCID-zeb7-vr2y-8qgg
Aliases:
CVE-2011-0986
GHSA-wcmm-28rg-mg3r
phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
3.3.9+1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-02T12:43:07.806770+00:00 GHSA Importer Affected by VCID-cqpd-4b3p-27hu https://github.com/advisories/GHSA-4q58-5x28-53wv 37.0.0
2025-08-02T12:42:29.727558+00:00 GHSA Importer Affected by VCID-zeb7-vr2y-8qgg https://github.com/advisories/GHSA-wcmm-28rg-mg3r 37.0.0
2025-08-02T12:42:28.209079+00:00 GHSA Importer Affected by VCID-1chy-7bvj-hqb4 https://github.com/advisories/GHSA-q4mm-89q2-xffg 37.0.0
2025-08-02T12:41:58.515686+00:00 GHSA Importer Affected by VCID-jjfk-u9s4-97hp https://github.com/advisories/GHSA-q6vw-39cg-wjjf 37.0.0
2025-08-02T09:10:07.925030+00:00 GitLab Importer Affected by VCID-zeb7-vr2y-8qgg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-0986.yml 37.0.0
2025-07-31T09:28:10.795187+00:00 GitLab Importer Affected by VCID-1chy-7bvj-hqb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-4107.yml 37.0.0
2025-07-31T09:28:10.440615+00:00 GitLab Importer Affected by VCID-cqpd-4b3p-27hu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-1940.yml 37.0.0
2025-07-31T09:27:57.735941+00:00 GitLab Importer Affected by VCID-jjfk-u9s4-97hp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2508.yml 37.0.0