Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpmyadmin/phpmyadmin@4.6.3

Type composer

Namespace phpmyadmin

Name phpmyadmin

Version 4.6.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9.11

Latest_non_vulnerable_version 5.2.2

Affected_by_vulnerabilities

url VCID-1dc8-kafr-3qd7

vulnerability_id VCID-1dc8-kafr-3qd7

summary

Cross-site Scripting
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6628

reference_id

reference_type

scores

value	0.00258
scoring_system	epss
scoring_elements	0.49225
published_at	2026-04-21T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49155
published_at	2026-04-01T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49186
published_at	2026-04-02T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49214
published_at	2026-04-04T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49165
published_at	2026-04-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4922
published_at	2026-04-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49216
published_at	2026-04-09T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49234
published_at	2026-04-11T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49207
published_at	2026-04-12T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49212
published_at	2026-04-13T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49257
published_at	2026-04-16T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49255
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6628

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-51

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-51

reference_url

http://www.securityfocus.com/bid/92492

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92492

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6628

reference_id

CVE-2016-6628

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6628

reference_url

https://github.com/advisories/GHSA-phhm-63xx-v9rr

reference_id

GHSA-phhm-63xx-v9rr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-phhm-63xx-v9rr

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6628, GHSA-phhm-63xx-v9rr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1dc8-kafr-3qd7

url VCID-64sy-unts-juf3

vulnerability_id VCID-64sy-unts-juf3

summary

Information Exposure
An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6625

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.50974
published_at	2026-04-21T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50851
published_at	2026-04-01T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50909
published_at	2026-04-02T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50935
published_at	2026-04-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50892
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50949
published_at	2026-04-08T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50947
published_at	2026-04-09T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50989
published_at	2026-04-11T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50967
published_at	2026-04-12T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50951
published_at	2026-04-13T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50988
published_at	2026-04-16T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50995
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6625

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-48

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-48

reference_url

http://www.securityfocus.com/bid/92491

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92491

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6625

reference_id

CVE-2016-6625

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6625

reference_url

https://github.com/advisories/GHSA-r643-7xfg-ppc5

reference_id

GHSA-r643-7xfg-ppc5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r643-7xfg-ppc5

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6625, GHSA-r643-7xfg-ppc5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64sy-unts-juf3

url VCID-8fu3-wm7d-qkeu

vulnerability_id VCID-8fu3-wm7d-qkeu

summary

Incomplete Cleanup
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6632

reference_id

reference_type

scores

value	0.00567
scoring_system	epss
scoring_elements	0.68518
published_at	2026-04-21T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68424
published_at	2026-04-01T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68443
published_at	2026-04-02T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68463
published_at	2026-04-04T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68439
published_at	2026-04-07T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68489
published_at	2026-04-08T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68506
published_at	2026-04-09T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68532
published_at	2026-04-11T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.6852
published_at	2026-04-12T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68488
published_at	2026-04-13T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68527
published_at	2026-04-16T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.6854
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6632

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-55

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-55

reference_url

http://www.securityfocus.com/bid/92497

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92497

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6632

reference_id

CVE-2016-6632

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6632

reference_url

https://github.com/advisories/GHSA-426q-975p-w5cr

reference_id

GHSA-426q-975p-w5cr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-426q-975p-w5cr

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6632, GHSA-426q-975p-w5cr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fu3-wm7d-qkeu

url VCID-9t2s-etzf-t3d2

vulnerability_id VCID-9t2s-etzf-t3d2

summary

Command Injection
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6609

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62256
published_at	2026-04-21T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62108
published_at	2026-04-01T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62169
published_at	2026-04-02T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62199
published_at	2026-04-04T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62166
published_at	2026-04-07T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62216
published_at	2026-04-08T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62233
published_at	2026-04-09T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62252
published_at	2026-04-11T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62241
published_at	2026-04-12T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6222
published_at	2026-04-13T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62265
published_at	2026-04-16T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62272
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6609

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-32

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-32

reference_url

http://www.securityfocus.com/bid/94112

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/94112

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6609

reference_id

CVE-2016-6609

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6609

reference_url

https://github.com/advisories/GHSA-wpww-hx7x-xfjh

reference_id

GHSA-wpww-hx7x-xfjh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpww-hx7x-xfjh

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6609, GHSA-wpww-hx7x-xfjh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t2s-etzf-t3d2

url VCID-e9qs-mvaa-wyc6

vulnerability_id VCID-e9qs-mvaa-wyc6

summary

Incomplete List of Disallowed Inputs
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6624

reference_id

reference_type

scores

value	0.003
scoring_system	epss
scoring_elements	0.53332
published_at	2026-04-21T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53227
published_at	2026-04-01T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53251
published_at	2026-04-02T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53276
published_at	2026-04-04T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53244
published_at	2026-04-07T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53296
published_at	2026-04-08T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53291
published_at	2026-04-09T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53341
published_at	2026-04-11T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53326
published_at	2026-04-12T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53309
published_at	2026-04-13T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53347
published_at	2026-04-16T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53352
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6624

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-47

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-47

reference_url

http://www.securityfocus.com/bid/92489

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92489

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6624

reference_id

CVE-2016-6624

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6624

reference_url

https://github.com/advisories/GHSA-mhxj-6vf8-mwv3

reference_id

GHSA-mhxj-6vf8-mwv3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhxj-6vf8-mwv3

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6624, GHSA-mhxj-6vf8-mwv3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qs-mvaa-wyc6

url VCID-fgr8-8j61-cufq

vulnerability_id VCID-fgr8-8j61-cufq

summary

Information Exposure
An issue was discovered in phpMyAdmin. A user can exploit the "LOAD LOCAL INFILE" functionality to expose files on the server to the database system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6612

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61453
published_at	2026-04-21T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61298
published_at	2026-04-01T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61377
published_at	2026-04-02T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61406
published_at	2026-04-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61375
published_at	2026-04-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61422
published_at	2026-04-08T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61437
published_at	2026-04-09T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61459
published_at	2026-04-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61444
published_at	2026-04-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61426
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61465
published_at	2026-04-16T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61469
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6612

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-35

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-35

reference_url

http://www.securityfocus.com/bid/94113

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/94113

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6612

reference_id

CVE-2016-6612

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6612

reference_url

https://github.com/advisories/GHSA-fcgm-62p3-f7cm

reference_id

GHSA-fcgm-62p3-f7cm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcgm-62p3-f7cm

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6612, GHSA-fcgm-62p3-f7cm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fgr8-8j61-cufq

url VCID-fvnp-w4kk-3qfq

vulnerability_id VCID-fvnp-w4kk-3qfq

summary

Cross-site Scripting
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6608

reference_id

reference_type

scores

value	0.00452
scoring_system	epss
scoring_elements	0.63751
published_at	2026-04-18T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63625
published_at	2026-04-01T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63685
published_at	2026-04-02T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63711
published_at	2026-04-04T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63671
published_at	2026-04-07T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63723
published_at	2026-04-08T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63741
published_at	2026-04-09T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63755
published_at	2026-04-11T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.6374
published_at	2026-04-21T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63706
published_at	2026-04-13T12:55:00Z

value	0.00452
scoring_system	epss
scoring_elements	0.63742
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-31

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-31

reference_url

http://www.securityfocus.com/bid/93258

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/93258

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6608

reference_id

CVE-2016-6608

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6608

reference_url

https://github.com/advisories/GHSA-jfmj-27fp-qp67

reference_id

GHSA-jfmj-27fp-qp67

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jfmj-27fp-qp67

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6608, GHSA-jfmj-27fp-qp67

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvnp-w4kk-3qfq

url VCID-gzqe-8ywj-h7hk

vulnerability_id VCID-gzqe-8ywj-h7hk

summary

Cryptographic Issues
An issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9847

reference_id

reference_type

scores

value	0.00432
scoring_system	epss
scoring_elements	0.62618
published_at	2026-04-07T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.627
published_at	2026-04-21T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62719
published_at	2026-04-18T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62711
published_at	2026-04-16T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62671
published_at	2026-04-13T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62694
published_at	2026-04-12T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62704
published_at	2026-04-11T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62686
published_at	2026-04-09T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62563
published_at	2026-04-01T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62621
published_at	2026-04-02T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.6267
published_at	2026-04-08T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62653
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9847

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-58

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-58

reference_url	http://www.securityfocus.com/bid/94524
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94524

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9847

reference_id

CVE-2016-9847

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9847

reference_url

https://github.com/advisories/GHSA-9xhq-pm7v-693p

reference_id

GHSA-9xhq-pm7v-693p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9xhq-pm7v-693p

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7h9b-a8dp-57hp

vulnerability	VCID-uw6h-fpzy-x3ap

vulnerability	VCID-zreq-41ja-pbf1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.5

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-9847, GHSA-9xhq-pm7v-693p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzqe-8ywj-h7hk

url VCID-h5wu-ugm7-4bah

vulnerability_id VCID-h5wu-ugm7-4bah

summary

Code Injection
An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6633

reference_id

reference_type

scores

value	0.01833
scoring_system	epss
scoring_elements	0.8296
published_at	2026-04-21T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82853
published_at	2026-04-01T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82869
published_at	2026-04-02T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82882
published_at	2026-04-04T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82878
published_at	2026-04-07T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82903
published_at	2026-04-08T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82911
published_at	2026-04-09T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82926
published_at	2026-04-11T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82922
published_at	2026-04-12T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82918
published_at	2026-04-13T12:55:00Z

value	0.01833
scoring_system	epss
scoring_elements	0.82957
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6633

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-56

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-56

reference_url

http://www.securityfocus.com/bid/92500

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92500

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6633

reference_id

CVE-2016-6633

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6633

reference_url

https://github.com/advisories/GHSA-p849-vf5f-f3x7

reference_id

GHSA-p849-vf5f-f3x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p849-vf5f-f3x7

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6633, GHSA-p849-vf5f-f3x7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5wu-ugm7-4bah

url VCID-tydk-zjv1-nye6

vulnerability_id VCID-tydk-zjv1-nye6

summary

Improper Input Validation
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6622

reference_id

reference_type

scores

value	0.01016
scoring_system	epss
scoring_elements	0.77197
published_at	2026-04-21T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77104
published_at	2026-04-01T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.7711
published_at	2026-04-02T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.7714
published_at	2026-04-04T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77122
published_at	2026-04-07T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77155
published_at	2026-04-08T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77163
published_at	2026-04-09T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77191
published_at	2026-04-11T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.7717
published_at	2026-04-12T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77165
published_at	2026-04-13T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77206
published_at	2026-04-16T12:55:00Z

value	0.01016
scoring_system	epss
scoring_elements	0.77207
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-45

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-45

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6622

reference_id

CVE-2016-6622

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6622

reference_url

https://github.com/advisories/GHSA-qf3f-7x69-qfv3

reference_id

GHSA-qf3f-7x69-qfv3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qf3f-7x69-qfv3

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6622, GHSA-qf3f-7x69-qfv3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tydk-zjv1-nye6

url VCID-v66b-3ghf-9uas

vulnerability_id VCID-v66b-3ghf-9uas

summary

Improper Input Validation
An issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by `ArbitraryServerRegexp`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6629

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55121
published_at	2026-04-21T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.54974
published_at	2026-04-01T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55075
published_at	2026-04-02T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55101
published_at	2026-04-04T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55076
published_at	2026-04-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55126
published_at	2026-04-09T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55138
published_at	2026-04-16T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55118
published_at	2026-04-12T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.551
published_at	2026-04-13T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55142
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6629

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-52

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-52

reference_url	http://www.securityfocus.com/bid/92493
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/92493

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6629

reference_id

CVE-2016-6629

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6629

reference_url

https://github.com/advisories/GHSA-567r-vqj7-5cw7

reference_id

GHSA-567r-vqj7-5cw7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-567r-vqj7-5cw7

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6629, GHSA-567r-vqj7-5cw7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v66b-3ghf-9uas

url VCID-z22z-a5bq-97d3

vulnerability_id VCID-z22z-a5bq-97d3

summary

Uncontrolled Resouce Consumption
An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6618

reference_id

reference_type

scores

value	0.0055
scoring_system	epss
scoring_elements	0.67983
published_at	2026-04-21T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67889
published_at	2026-04-01T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67912
published_at	2026-04-02T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67931
published_at	2026-04-04T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.6791
published_at	2026-04-07T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67961
published_at	2026-04-08T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67975
published_at	2026-04-09T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67998
published_at	2026-04-11T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67985
published_at	2026-04-12T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.6795
published_at	2026-04-13T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.67987
published_at	2026-04-16T12:55:00Z

value	0.0055
scoring_system	epss
scoring_elements	0.68
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6618

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-41

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-41

reference_url

http://www.securityfocus.com/bid/95047

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95047

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6618

reference_id

CVE-2016-6618

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6618

reference_url

https://github.com/advisories/GHSA-rv6m-chvv-wmxg

reference_id

GHSA-rv6m-chvv-wmxg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rv6m-chvv-wmxg

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6618, GHSA-rv6m-chvv-wmxg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z22z-a5bq-97d3

url VCID-zg16-dfu1-g7dn

vulnerability_id VCID-zg16-dfu1-g7dn

summary

Information Exposure
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6613

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61453
published_at	2026-04-21T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61298
published_at	2026-04-01T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61377
published_at	2026-04-02T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61406
published_at	2026-04-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61375
published_at	2026-04-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61422
published_at	2026-04-08T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61437
published_at	2026-04-09T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61459
published_at	2026-04-11T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61444
published_at	2026-04-12T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61426
published_at	2026-04-13T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61465
published_at	2026-04-16T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61469
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6613

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html

reference_url

https://security.gentoo.org/glsa/201701-32

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201701-32

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-36

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-36

reference_url

http://www.securityfocus.com/bid/94115

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/94115

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6613

reference_id

CVE-2016-6613

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6613

reference_url

https://github.com/advisories/GHSA-6j2v-g9rg-qcm5

reference_id

GHSA-6j2v-g9rg-qcm5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6j2v-g9rg-qcm5

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.6.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mda-fksy-bqb2

vulnerability	VCID-8xac-hgvs-ykgn

vulnerability	VCID-9xxd-uwwt-57ba

vulnerability	VCID-bcmm-z26p-rkfp

vulnerability	VCID-jj7e-xndw-6fcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-c91y-txcw-2kdy

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-hnud-ktgb-dfe6

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mwtw-n1tv-hfd9

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tbnx-nuzv-ebdc

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-6613, GHSA-6j2v-g9rg-qcm5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zg16-dfu1-g7dn

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.3

Package Instance