phpMyAdmin

Multiple XSS and HTML injection attacks in setup script Affected Versions phpMyAdmin versions of the 5.1 branch prior to 5.1.2 are affected. CVE ID CVE-2022-23808

Two factor authentication bypass Affected Versions phpMyAdmin versions of the 4.9 branch prior to 4.9.8 and 5.1 prior to 5.1.2 are affected. CVE ID CVE-2022-23807

SQL injection vulnerability in SearchController Affected Versions phpMyAdmin 4.9.x releases prior to 4.9.6 and the 5.0.x releases prior to 5.0.3 are affected. CVE ID CVE-2020-26935

XSS relating to the transformation feature Affected Versions phpMyAdmin 4.9.x releases prior to 4.9.6 and the 5.0.x releases prior to 5.0.3 are affected. We believe the flaw was introduced with phpMyAdmin 2.5.0. CVE ID CVE-2020-26934

SQL injection with processing username Affected Versions phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. CVE ID CVE-2020-10804

SQL injection relating to data display Affected Versions phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. We believe the flaw was introduced with phpMyAdmin 3.4. CVE ID CVE-2020-10803

SQL injection relating to searching Affected Versions phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected. CVE ID CVE-2020-10802

SQL injection in user accounts page Affected Versions phpMyAdmin 4.x versions prior to 4.9.4 are affected, at least as old as 4.0.0. phpMyAdmin 5.x version 5.0.0 is affected. CVE ID CVE-2020-5504

SQL injection in Designer feature Affected Versions phpMyAdmin versions prior to 4.9.2 are affected, at least as old as 4.7.7. CVE ID CVE-2019-18622