Search for packages
| purl | pkg:composer/phpmyadmin/phpmyadmin@5.1.4 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-23az-qkmn-gbe3
Aliases: CVE-2025-24530 GHSA-222v-cx2c-q2f5 |
phpMyAdmin XSS when checking tables An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. |
Affected by 0 other vulnerabilities. |
|
VCID-weje-ut8w-3fh9
Aliases: CVE-2023-25727 GHSA-6hr3-44gx-g6wh |
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T12:09:17.066649+00:00 | GitLab Importer | Affected by | VCID-23az-qkmn-gbe3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2025-24530.yml | 37.0.0 |
| 2025-08-01T11:00:46.149665+00:00 | GitLab Importer | Affected by | VCID-weje-ut8w-3fh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2023-25727.yml | 37.0.0 |