Phpmyadmin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited phpMyAdmin CVE published 2022-03-25

CVE-2009-1151

CVE-2009-1151 is identified in the supplied official records as a phpMyAdmin remote code execution vulnerability and is listed by CISA in the Known Exploited Vulnerabilities (KEV) catalog. That KEV listing means defenders should treat it as a confirmed active-risk issue and apply vendor-recommended updates as soon as possible. The supplied timeline shows the KEV record was added on 2022-03-25 with a due d [truncated]

HIGH Phpmyadmin CVE published 2017-01-31

CVE-2016-6621

CVE-2016-6621 describes a server-side request forgery (SSRF) issue in the phpMyAdmin setup script. NVD lists the flaw as network-exploitable with no privileges or user interaction required, and maps it to CWE-918. Fixed releases are identified as 4.0.10.19, 4.4.15.10, and 4.6.6.