VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4age-g5bt-r7f8 Aliases: CVE-2014-4986 GHSA-jqmr-wqgp-8mh2	phpMyAdmin cross-site scripting Vulnerability in Table or Column Names Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.	4.1.14+2 Affected by 0 other vulnerabilities. 4.2.6 Affected by 0 other vulnerabilities.
VCID-4r9b-k2zk-1kb1 Aliases: CVE-2014-8326 GHSA-pvr5-84gr-g985	phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the `libraries/DatabaseInterface.class.php` code for SQL debug output and the `js/server_status_monitor.js` code for the server monitor page.	4.1.14+6 Affected by 0 other vulnerabilities. 4.2.10+1 Affected by 0 other vulnerabilities.
VCID-838f-2f1n-pkh2 Aliases: CVE-2014-7217 GHSA-wv8g-fx9j-q2jg	phpMyAdmin cross-site scripting Vulnerability via ENUM value Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to `libraries/TableSearch.class.php` and `libraries/Util.class.php`.	4.1.14+5 Affected by 0 other vulnerabilities. 4.2.9+1 Affected by 0 other vulnerabilities.
VCID-gce6-e4d3-gkge Aliases: CVE-2014-5274 GHSA-q586-xpwr-jc3j	phpMyAdmin cross-site scripting vulnerability in crafted view name A cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to `js/functions.js`.	4.1.14+3 Affected by 0 other vulnerabilities. 4.2.7+1 Affected by 0 other vulnerabilities.
VCID-rby8-8wrn-h7df Aliases: CVE-2014-6300 GHSA-6wfj-2mw7-p5cg	phpMyAdmin micro history Implementation XSS Vulnerability Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.	4.1.14+4 Affected by 0 other vulnerabilities. 4.2.8+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4age-g5bt-r7f8
Aliases:
CVE-2014-4986
GHSA-jqmr-wqgp-8mh2

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

4.1.14+2
Affected by 0 other vulnerabilities.

4.2.6
Affected by 0 other vulnerabilities.

VCID-4r9b-k2zk-1kb1
Aliases:
CVE-2014-8326
GHSA-pvr5-84gr-g985

phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the `libraries/DatabaseInterface.class.php` code for SQL debug output and the `js/server_status_monitor.js` code for the server monitor page.

4.1.14+6
Affected by 0 other vulnerabilities.

4.2.10+1
Affected by 0 other vulnerabilities.

VCID-838f-2f1n-pkh2
Aliases:
CVE-2014-7217
GHSA-wv8g-fx9j-q2jg

phpMyAdmin cross-site scripting Vulnerability via ENUM value Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to `libraries/TableSearch.class.php` and `libraries/Util.class.php`.

4.1.14+5
Affected by 0 other vulnerabilities.

4.2.9+1
Affected by 0 other vulnerabilities.

VCID-gce6-e4d3-gkge
Aliases:
CVE-2014-5274
GHSA-q586-xpwr-jc3j

phpMyAdmin cross-site scripting vulnerability in crafted view name A cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to `js/functions.js`.

4.1.14+3
Affected by 0 other vulnerabilities.

4.2.7+1
Affected by 0 other vulnerabilities.

VCID-rby8-8wrn-h7df
Aliases:
CVE-2014-6300
GHSA-6wfj-2mw7-p5cg

phpMyAdmin micro history Implementation XSS Vulnerability Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

4.1.14+4
Affected by 0 other vulnerabilities.

4.2.8+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-02T12:42:53.925198+00:00	GHSA Importer	Affected by	VCID-838f-2f1n-pkh2	https://github.com/advisories/GHSA-wv8g-fx9j-q2jg	37.0.0
2025-08-02T12:42:42.873390+00:00	GHSA Importer	Affected by	VCID-4age-g5bt-r7f8	https://github.com/advisories/GHSA-jqmr-wqgp-8mh2	37.0.0
2025-08-02T12:41:50.128821+00:00	GHSA Importer	Affected by	VCID-rby8-8wrn-h7df	https://github.com/advisories/GHSA-6wfj-2mw7-p5cg	37.0.0
2025-08-02T12:41:47.546743+00:00	GHSA Importer	Affected by	VCID-4r9b-k2zk-1kb1	https://github.com/advisories/GHSA-pvr5-84gr-g985	37.0.0
2025-08-02T12:41:47.403815+00:00	GHSA Importer	Affected by	VCID-gce6-e4d3-gkge	https://github.com/advisories/GHSA-q586-xpwr-jc3j	37.0.0
2025-08-02T09:10:26.308736+00:00	GitLab Importer	Affected by	VCID-4age-g5bt-r7f8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-4986.yml	37.0.0
2025-08-02T09:10:08.396172+00:00	GitLab Importer	Affected by	VCID-838f-2f1n-pkh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-7217.yml	37.0.0
2025-07-31T09:28:02.810555+00:00	GitLab Importer	Affected by	VCID-rby8-8wrn-h7df	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-6300.yml	37.0.0
2025-07-31T09:27:58.104763+00:00	GitLab Importer	Affected by	VCID-4r9b-k2zk-1kb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-8326.yml	37.0.0
2025-07-31T09:27:43.058106+00:00	GitLab Importer	Affected by	VCID-gce6-e4d3-gkge	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2014-5274.yml	37.0.0