phpMyAdmin security advisories
6 threat alerts tracking vulnerabilities and security advisories that affect phpMyAdmin products.
Vulnios continuously monitors phpMyAdmin CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent phpMyAdmin security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-9865 — phpmyadmin — phpmyadmin
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5
critical, CVE-2016-9865

Critical Vulnerability: CVE-2016-9866 — phpmyadmin — phpmyadmin
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4
critical, CVE-2016-9866

Critical Vulnerability: CVE-2016-6629 — phpmyadmin — phpmyadmin
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by Ar
critical, CVE-2016-6629

Critical Vulnerability: CVE-2016-9849 — phpmyadmin — phpmyadmin
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versi
critical, CVE-2016-9849

Critical Vulnerability: CVE-2016-6620 — phpmyadmin — phpmyadmin
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution beca
critical, CVE-2016-6620

Critical Vulnerability: CVE-2016-5734 — phpmyadmin — phpmyadmin
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote
critical, CVE-2016-5734