Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@4.5.3%2B1 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9h1t-5fsg-bbcp
Aliases: CVE-2016-2559 GHSA-7rf8-9r8f-qf59 |
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. |
Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-r3az-36ru-jbhv
Aliases: CVE-2016-2562 GHSA-w8qg-j9fp-hrjf |
phpMyAdmin Improper Input Validation The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. |
Affected by 0 other vulnerabilities. Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T09:21:26.860956+00:00 | GitLab Importer | Affected by | VCID-r3az-36ru-jbhv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2562.yml | 37.0.0 |
| 2025-07-31T09:21:26.796945+00:00 | GitLab Importer | Affected by | VCID-9h1t-5fsg-bbcp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-2559.yml | 37.0.0 |