Search for packages
Package details: pkg:composer/phpmyadmin/phpmyadmin@4.5.1
purl pkg:composer/phpmyadmin/phpmyadmin@4.5.1
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-84pb-neh5-73by
Aliases:
CVE-2016-2041
GHSA-8m97-xc46-rw9w
phpMyAdmin Unsafe comparison of XSRF/CSRF token libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-9h1t-5fsg-bbcp
Aliases:
CVE-2016-2559
GHSA-7rf8-9r8f-qf59
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
4.5.5+1
Affected by 0 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-qxgd-ufvd-nue7
Aliases:
CVE-2016-2040
GHSA-pw34-qf6c-84fc
phpMyAdmin XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.
4.5.4
Affected by 2 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
VCID-r3az-36ru-jbhv
Aliases:
CVE-2016-2562
GHSA-w8qg-j9fp-hrjf
phpMyAdmin Improper Input Validation The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.
4.5.5+1
Affected by 0 other vulnerabilities.
4.7.0
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-02T12:42:43.839262+00:00 GHSA Importer Fixing VCID-f4bk-253j-fkgv https://github.com/advisories/GHSA-5pmg-qh2c-7j24 37.0.0
2025-07-31T09:28:17.754622+00:00 GitLab Importer Fixing VCID-f4bk-253j-fkgv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2015-7873.yml 37.0.0
2025-07-31T09:21:26.855733+00:00 GitLab Importer Affected by VCID-r3az-36ru-jbhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml 37.0.0
2025-07-31T09:21:26.790970+00:00 GitLab Importer Affected by VCID-9h1t-5fsg-bbcp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml 37.0.0
2025-07-31T09:21:25.961361+00:00 GitLab Importer Affected by VCID-84pb-neh5-73by https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2041.yml 37.0.0
2025-07-31T09:21:25.785584+00:00 GitLab Importer Affected by VCID-qxgd-ufvd-nue7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2040.yml 37.0.0
2025-07-31T09:10:42.536407+00:00 GithubOSV Importer Fixing VCID-f4bk-253j-fkgv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pmg-qh2c-7j24/GHSA-5pmg-qh2c-7j24.json 37.0.0