Security policy ¶

The phpMyAdmin developer team is putting lot of effort to make phpMyAdmin as secure as possible. But still web application like phpMyAdmin can be vulnerable to a number of attacks and new ways to exploit are still being explored.

For every reported vulnerability we issue a phpMyAdmin Security Announcement (PMASA) and it get's assigne CVE ID as well. We might group similar vulnerabilities to one PMASA (eg. multiple XSS vulnerabilities can be announced under one PMASA).

If you think you've found a vulnerability, please see Reporting security issues.