Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B12 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-84pb-neh5-73by
Aliases: CVE-2016-2041 GHSA-8m97-xc46-rw9w |
phpMyAdmin Unsafe comparison of XSRF/CSRF token libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-qxgd-ufvd-nue7
Aliases: CVE-2016-2040 GHSA-pw34-qf6c-84fc |
phpMyAdmin XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T09:21:25.905930+00:00 | GitLab Importer | Affected by | VCID-84pb-neh5-73by | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml | 37.0.0 |
| 2025-07-31T09:21:25.723116+00:00 | GitLab Importer | Affected by | VCID-qxgd-ufvd-nue7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml | 37.0.0 |