VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@3.4.0

Search for packages

Package details: pkg:composer/phpmyadmin/phpmyadmin@3.4.0

Essentials
History (25)

purl	pkg:composer/phpmyadmin/phpmyadmin@3.4.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (13)

Vulnerability	Summary	Fixed by
VCID-1chy-7bvj-hqb4 Aliases: CVE-2011-4107 GHSA-q4mm-89q2-xffg	phpMyAdmin vulnerable to XML external entity (XXE) injection attack The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.	3.4.7+1 Affected by 0 other vulnerabilities.
VCID-1qyp-8vuv-x7h2 Aliases: CVE-2011-1941 GHSA-v6fw-xf2c-8q43	phpMyAdmin Open Redirect in redirector Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	3.4.1 Affected by 0 other vulnerabilities.
VCID-4q2p-urvd-xbg9 Aliases: CVE-2011-2718 GHSA-xhqq-554j-p4x8	phpMyAdmin Directory Traversal Vulnerability Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) `libraries/schema/User_Schema.class.php` and (2) `schema_export.php`.	3.4.3+2 Affected by 0 other vulnerabilities.
VCID-68cy-6u5d-hubd Aliases: CVE-2011-4782 GHSA-2h23-c973-x63q	phpMyAdmin Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.	3.4.9 Affected by 0 other vulnerabilities.
VCID-723p-c3ak-myfz Aliases: CVE-2011-3592 GHSA-5p69-rmx8-7gw7	phpMyAdmin Multiple XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in the `PMA_unInlineEditRow` function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.	3.4.5 Affected by 0 other vulnerabilities.
VCID-cqpd-4b3p-27hu Aliases: CVE-2011-1940 GHSA-4q58-5x28-53wv	phpMyAdmin Vulnerable to Cross-Site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.	3.4.1 Affected by 0 other vulnerabilities.
VCID-jjfk-u9s4-97hp Aliases: CVE-2011-2508 GHSA-q6vw-39cg-wjjf	phpMyAdmin Directory Traversal vulnerability Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.	3.4.3+1 Affected by 0 other vulnerabilities.
VCID-qfq1-gecz-cuf1 Aliases: CVE-2011-3591 GHSA-3p87-w3c5-27gf	phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) `js/functions.js` and (2) `js/tbl_structure.js`.	3.4.5 Affected by 0 other vulnerabilities.
VCID-qzk4-3xtf-r3g4 Aliases: CVE-2012-4345 GHSA-r3pq-mp8v-cp33	phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.	3.4.11+1 Affected by 0 other vulnerabilities. 3.5.2+2 Affected by 0 other vulnerabilities.
VCID-r7gb-sdkq-kfc6 Aliases: CVE-2011-2505 GHSA-vqcm-r62w-w437	phpMyAdmin remote variable manipulation `libraries/auth/swekey/swekey.auth.lib.php` in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the `SESSION` superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."	3.4.3+1 Affected by 0 other vulnerabilities.
VCID-rsrn-hcvf-8qhp Aliases: CVE-2011-2506 GHSA-p6h7-29r2-g88f	phpMyAdmin vulnerable to static code injection `setup/lib/ConfigGenerator.class.php` in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.	3.4.3+1 Affected by 0 other vulnerabilities.
VCID-x7gr-hgqa-2uek Aliases: CVE-2020-10803 GHSA-fcww-8wvc-38q9	In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.	4.9.5 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yj3k-52pf-w3e9 Aliases: CVE-2011-4634 GHSA-9j9h-cpgc-8356	phpMyAdmin vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.	3.4.8 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-02T12:43:54.812979+00:00	GHSA Importer	Affected by	VCID-x7gr-hgqa-2uek	https://github.com/advisories/GHSA-fcww-8wvc-38q9	37.0.0
2025-08-02T12:43:09.377517+00:00	GHSA Importer	Affected by	VCID-1qyp-8vuv-x7h2	https://github.com/advisories/GHSA-v6fw-xf2c-8q43	37.0.0
2025-08-02T12:43:07.770342+00:00	GHSA Importer	Affected by	VCID-cqpd-4b3p-27hu	https://github.com/advisories/GHSA-4q58-5x28-53wv	37.0.0
2025-08-02T12:43:07.695653+00:00	GHSA Importer	Affected by	VCID-yj3k-52pf-w3e9	https://github.com/advisories/GHSA-9j9h-cpgc-8356	37.0.0
2025-08-02T12:43:06.570636+00:00	GHSA Importer	Affected by	VCID-qzk4-3xtf-r3g4	https://github.com/advisories/GHSA-r3pq-mp8v-cp33	37.0.0
2025-08-02T12:42:56.248273+00:00	GHSA Importer	Affected by	VCID-723p-c3ak-myfz	https://github.com/advisories/GHSA-5p69-rmx8-7gw7	37.0.0
2025-08-02T12:42:56.212528+00:00	GHSA Importer	Affected by	VCID-qfq1-gecz-cuf1	https://github.com/advisories/GHSA-3p87-w3c5-27gf	37.0.0
2025-08-02T12:42:28.259775+00:00	GHSA Importer	Affected by	VCID-4q2p-urvd-xbg9	https://github.com/advisories/GHSA-xhqq-554j-p4x8	37.0.0
2025-08-02T12:42:28.152844+00:00	GHSA Importer	Affected by	VCID-1chy-7bvj-hqb4	https://github.com/advisories/GHSA-q4mm-89q2-xffg	37.0.0
2025-08-02T12:42:28.065246+00:00	GHSA Importer	Affected by	VCID-68cy-6u5d-hubd	https://github.com/advisories/GHSA-2h23-c973-x63q	37.0.0
2025-08-02T12:41:58.569476+00:00	GHSA Importer	Affected by	VCID-jjfk-u9s4-97hp	https://github.com/advisories/GHSA-q6vw-39cg-wjjf	37.0.0
2025-08-02T12:41:58.350450+00:00	GHSA Importer	Affected by	VCID-r7gb-sdkq-kfc6	https://github.com/advisories/GHSA-vqcm-r62w-w437	37.0.0
2025-08-02T12:41:58.295003+00:00	GHSA Importer	Affected by	VCID-rsrn-hcvf-8qhp	https://github.com/advisories/GHSA-p6h7-29r2-g88f	37.0.0
2025-08-02T09:10:27.333468+00:00	GitLab Importer	Affected by	VCID-yj3k-52pf-w3e9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-4634.yml	37.0.0
2025-08-02T09:10:25.757758+00:00	GitLab Importer	Affected by	VCID-qfq1-gecz-cuf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-3591.yml	37.0.0
2025-08-02T09:10:21.420421+00:00	GitLab Importer	Affected by	VCID-qzk4-3xtf-r3g4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2012-4345.yml	37.0.0
2025-08-02T09:10:08.834452+00:00	GitLab Importer	Affected by	VCID-1qyp-8vuv-x7h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-1941.yml	37.0.0
2025-07-31T09:28:14.558059+00:00	GitLab Importer	Affected by	VCID-4q2p-urvd-xbg9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2718.yml	37.0.0
2025-07-31T09:28:13.830763+00:00	GitLab Importer	Affected by	VCID-723p-c3ak-myfz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-3592.yml	37.0.0
2025-07-31T09:28:10.800033+00:00	GitLab Importer	Affected by	VCID-1chy-7bvj-hqb4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-4107.yml	37.0.0
2025-07-31T09:28:10.446543+00:00	GitLab Importer	Affected by	VCID-cqpd-4b3p-27hu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-1940.yml	37.0.0
2025-07-31T09:28:09.281588+00:00	GitLab Importer	Affected by	VCID-68cy-6u5d-hubd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-4782.yml	37.0.0
2025-07-31T09:28:01.868812+00:00	GitLab Importer	Affected by	VCID-rsrn-hcvf-8qhp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2506.yml	37.0.0
2025-07-31T09:28:00.059936+00:00	GitLab Importer	Affected by	VCID-r7gb-sdkq-kfc6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2505.yml	37.0.0
2025-07-31T09:27:57.741720+00:00	GitLab Importer	Affected by	VCID-jjfk-u9s4-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-2508.yml	37.0.0