Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@4.6.2 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2739-kr2f-fbd8
Aliases: CVE-2016-5731 GHSA-mwm8-36c5-j5cf |
phpMyAdmin Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. |
Affected by 13 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-rspx-kym8-xydx
Aliases: CVE-2016-5730 GHSA-wm9c-vcv2-vpqc |
phpMyAdmin full path disclosure vulnerability phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. |
Affected by 13 other vulnerabilities. Affected by 22 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T09:21:32.972119+00:00 | GitLab Importer | Affected by | VCID-2739-kr2f-fbd8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5731.yml | 37.0.0 |
| 2025-07-31T09:21:32.937891+00:00 | GitLab Importer | Affected by | VCID-rspx-kym8-xydx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-5730.yml | 37.0.0 |