phpMyAdmin

phpMyAdmin

phpmyadmin
ChocolateyChocolatey
Unavailable
This project is no longer available (or publicly accessible) from Chocolatey
Releases2
Frequency10 months 2 weeks
Last Release
phpMyAdmin is a free software tool written in [PHP](https://php.net/), intended to handle the administration of [MySQL](https://www.mysql.com/) over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface, while you still have the ability to directly execute any SQL statement. phpMyAdmin bookphpMyAdmin Starter phpMyAdmin comes with a wide range [of documentation](https://www.phpmyadmin.net/docs/) and users are welcome to update [our wiki pages](https://github.com/phpmyadmin/phpmyadmin/wiki) to share ideas and howtos for various operations. The [phpMyAdmin team](https://www.phpmyadmin.net/team/) will try to help you if you face any problem; you can use [a variety of support channels](https://www.phpmyadmin.net/support/) to get help. phpMyAdmin is also very deeply documented in a book written by one of the developers – [Mastering phpMyAdmin for Effective MySQL Management](https://www.packtpub.com/big-data-and-business-intelligence/mastering-phpmyadmin-34-effective-mysql-management), which is available in English and [Spanish](https://www.phpmyadmin.net/docs/#books). To ease usage to a wide range of people, phpMyAdmin is being translated into [72 languages](https://www.phpmyadmin.net/translations/) and supports both LTR and RTL languages. phpMyAdmin is a mature project with a stable and flexible code base; you can find out more about the [project and its history](https://www.phpmyadmin.net/about/) and the [awards](https://www.phpmyadmin.net/awards/) it earned. When the project turned 15, we published a [celebration page](https://www.phpmyadmin.net/15-years/). The phpMyAdmin project is a member of [Software Freedom Conservancy](https://sfconservancy.org/). SFC is a not-for-profit organization that helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 4.9.11, >= 5.0.0, < 5.2.15.4 MEDIUM

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

>= 5.0.0, < 5.2.09.8 CRITICAL

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

<= 5.1.15.3 MEDIUM5 MEDIUM

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

>= 4.9.0, < 4.9.8, >= 5.1.0, < 5.1.24.3 MEDIUM4 MEDIUM

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

>= 5.1.0, < 5.1.26.1 MEDIUM4.3 MEDIUM

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.