phppgadmin_project CVE Vulnerabilities & Metrics

Focus on phppgadmin_project vulnerabilities and metrics.

Last updated: 03 Dec 2025, 23:25 UTC

About phppgadmin_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with phppgadmin_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total phppgadmin_project CVEs: 6
Earliest CVE date: 14 May 2014, 00:55 UTC
Latest CVE date: 20 Nov 2025, 15:17 UTC

Latest CVE reference: CVE-2025-60799

Rolling Stats

30-day Count (Rolling): 4
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical phppgadmin_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.94

Max CVSS: 9.3

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	1
7.0-8.9	0
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS phppgadmin_project CVEs

These are the five CVEs with the highest CVSS scores for phppgadmin_project, sorted by severity first and recency.

CVE-2019-10784 phppgadmin_project Published on 04 Feb 2020, 19:15 UTC (CVSS: 9.3)
phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.
CVE-2012-1600 phppgadmin_project Published on 14 May 2014, 00:55 UTC (CVSS: 4.3)
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
CVE-2025-60799 phppgadmin_project Published on 20 Nov 2025, 15:17 UTC (CVSS: 0)
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery']...
CVE-2025-60798 phppgadmin_project Published on 20 Nov 2025, 15:17 UTC (CVSS: 0)
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete data...
CVE-2025-60797 phppgadmin_project Published on 20 Nov 2025, 15:17 UTC (CVSS: 0)
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially lead...

All CVEs for phppgadmin_project

CVE-2025-60799 phppgadmin_project vulnerability CVSS: 0 20 Nov 2025, 15:17 UTC

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'queryid') without proper validation or access control checks. Attackers can exploit this to store arbitrary SQL queries in $_SESSION['sqlquery'] by manipulating these parameters, potentially leading to session poisoning, stored cross-site scripting, or unauthorized access to sensitive session data.

CVE-2025-60798 phppgadmin_project vulnerability CVSS: 0 20 Nov 2025, 15:17 UTC

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise.

CVE-2025-60797 phppgadmin_project vulnerability CVSS: 0 20 Nov 2025, 15:17 UTC

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation.

CVE-2025-60796 phppgadmin_project vulnerability CVSS: 0 20 Nov 2025, 15:17 UTC

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.php, and other unspecified files. An attacker can exploit these vulnerabilities to execute arbitrary JavaScript in victims' browsers, potentially leading to session hijacking, credential theft, or other malicious actions.

CVE-2023-40619 phppgadmin_project vulnerability CVSS: 0 20 Sep 2023, 18:15 UTC

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

CVE-2019-10784 phppgadmin_project vulnerability CVSS: 9.3 04 Feb 2020, 19:15 UTC

phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.

CVE-2012-1600 phppgadmin_project vulnerability CVSS: 4.3 14 May 2014, 00:55 UTC

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.