Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpmyadmin/phpmyadmin@4.8.0

Type composer

Namespace phpmyadmin

Name phpmyadmin

Version 4.8.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9.11

Latest_non_vulnerable_version 5.2.2

Affected_by_vulnerabilities

url VCID-2jjv-4en4-e3gx

vulnerability_id VCID-2jjv-4en4-e3gx

summary phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-22278

reference_id

reference_type

scores

value	0.00409
scoring_system	epss
scoring_elements	0.61125
published_at	2026-04-01T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61205
published_at	2026-04-02T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61233
published_at	2026-04-04T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61199
published_at	2026-04-07T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61247
published_at	2026-04-08T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61261
published_at	2026-04-09T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61281
published_at	2026-04-11T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61267
published_at	2026-04-12T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61249
published_at	2026-04-13T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61289
published_at	2026-04-16T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61294
published_at	2026-04-18T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61273
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-22278

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-22278
reference_id	CVE-2020-22278
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-22278

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@5.0.3

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3

aliases CVE-2020-22278

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2jjv-4en4-e3gx

url VCID-5657-kcyh-7bc2

vulnerability_id VCID-5657-kcyh-7bc2

summary

phpMyAdmin SQL injection in user accounts page
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5504

reference_id

reference_type

scores

value	0.22375
scoring_system	epss
scoring_elements	0.95843
published_at	2026-04-21T12:55:00Z

value	0.22375
scoring_system	epss
scoring_elements	0.95834
published_at	2026-04-16T12:55:00Z

value	0.22375
scoring_system	epss
scoring_elements	0.9584
published_at	2026-04-18T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95916
published_at	2026-04-02T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95908
published_at	2026-04-01T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95945
published_at	2026-04-13T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95942
published_at	2026-04-12T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95939
published_at	2026-04-09T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95937
published_at	2026-04-08T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95928
published_at	2026-04-07T12:55:00Z

value	0.23238
scoring_system	epss
scoring_elements	0.95924
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504

reference_url

https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml

reference_url

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5504

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5504

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718
reference_id	948718
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt
reference_id	CVE-2020-5504
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt

reference_url

https://github.com/advisories/GHSA-fgj8-93xx-f6g6

reference_id

GHSA-fgj8-93xx-f6g6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fgj8-93xx-f6g6

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.1

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.1

aliases CVE-2020-5504, GHSA-fgj8-93xx-f6g6

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5657-kcyh-7bc2

url VCID-986a-3m4g-83ge

vulnerability_id VCID-986a-3m4g-83ge

summary

Cross-Site Request Forgery (CSRF)
By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19969

reference_id

reference_type

scores

value	0.00458
scoring_system	epss
scoring_elements	0.63934
published_at	2026-04-07T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64006
published_at	2026-04-21T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64017
published_at	2026-04-18T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64005
published_at	2026-04-16T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.6397
published_at	2026-04-13T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64
published_at	2026-04-12T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64014
published_at	2026-04-11T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64002
published_at	2026-04-09T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63888
published_at	2026-04-01T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63947
published_at	2026-04-02T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63984
published_at	2026-04-08T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63974
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969

reference_url

https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175

reference_url	https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/
reference_id
reference_type
scores
url	https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-7

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-7

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-7/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-7/

reference_url	http://www.securityfocus.com/bid/106175
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106175

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19969

reference_id

CVE-2018-19969

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19969

reference_url

https://github.com/advisories/GHSA-xwf2-53mc-r8hx

reference_id

GHSA-xwf2-53mc-r8hx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xwf2-53mc-r8hx

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-19969, GHSA-xwf2-53mc-r8hx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-986a-3m4g-83ge

url VCID-9auw-hwad-ybaf

vulnerability_id VCID-9auw-hwad-ybaf

summary

Improper Authentication
An issue was discovered in phpMyAdm in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.

references

reference_url

http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12613

reference_id

reference_type

scores

value	0.94281
scoring_system	epss
scoring_elements	0.99938
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12613

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://www.exploit-db.com/exploits/44924

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/44924

reference_url	https://www.exploit-db.com/exploits/44924/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44924/

reference_url

https://www.exploit-db.com/exploits/44928

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/44928

reference_url	https://www.exploit-db.com/exploits/44928/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44928/

reference_url

https://www.exploit-db.com/exploits/45020

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45020

reference_url	https://www.exploit-db.com/exploits/45020/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/45020/

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-4

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-4

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-4/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-4/

reference_url

http://www.securityfocus.com/bid/104532

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104532

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/45020.rb
reference_id	CVE-2018-12613
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/45020.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44924.txt
reference_id	CVE-2018-12613
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44924.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44928.txt
reference_id	CVE-2018-12613
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44928.txt

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50457.py
reference_id	CVE-2018-12613
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50457.py

reference_url	https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247485036&idx=1&sn=8e9647906c5d94f72564dec5bc51a2ab&chksm=e89e2eb4dfe9a7a28bff2efebb5b2723782dab660acff074c3f18c9e7dca924abdf3da618fb4&mpshare=1&scene=1&srcid=0621gAv1FMtrgoahD01psMZr&pass_ticket=LqhR
reference_id	CVE-2018-12613
reference_type	exploit
scores
url	https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247485036&idx=1&sn=8e9647906c5d94f72564dec5bc51a2ab&chksm=e89e2eb4dfe9a7a28bff2efebb5b2723782dab660acff074c3f18c9e7dca924abdf3da618fb4&mpshare=1&scene=1&srcid=0621gAv1FMtrgoahD01psMZr&pass_ticket=LqhR

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12613

reference_id

CVE-2018-12613

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12613

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/1ded8ffb299499e18725f4d549fcadaec5528387/modules/exploits/multi/http/phpmyadmin_lfi_rce.rb
reference_id	CVE-2018-12613
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/1ded8ffb299499e18725f4d549fcadaec5528387/modules/exploits/multi/http/phpmyadmin_lfi_rce.rb

reference_url

https://github.com/advisories/GHSA-x394-g9j8-x7mf

reference_id

GHSA-x394-g9j8-x7mf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x394-g9j8-x7mf

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.2

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-12613, GHSA-x394-g9j8-x7mf

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9auw-hwad-ybaf

url VCID-br1c-5bzf-ufeu

vulnerability_id VCID-br1c-5bzf-ufeu

summary

SQL Injection
An issue was discovered in phpMyAdmin. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6798

reference_id

reference_type

scores

value	0.00538
scoring_system	epss
scoring_elements	0.67578
published_at	2026-04-21T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67474
published_at	2026-04-01T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.6751
published_at	2026-04-07T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67532
published_at	2026-04-04T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67562
published_at	2026-04-08T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67575
published_at	2026-04-09T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67598
published_at	2026-04-11T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67584
published_at	2026-04-12T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67551
published_at	2026-04-13T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67587
published_at	2026-04-16T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67599
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-2

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-2/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-2/

reference_url

http://www.securityfocus.com/bid/106727

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106727

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822
reference_id	920822
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6798

reference_id

CVE-2019-6798

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6798

reference_url

https://github.com/advisories/GHSA-f732-fxh6-g4qj

reference_id

GHSA-f732-fxh6-g4qj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f732-fxh6-g4qj

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-6798, GHSA-f732-fxh6-g4qj

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br1c-5bzf-ufeu

url VCID-c91y-txcw-2kdy

vulnerability_id VCID-c91y-txcw-2kdy

summary

Cross-site Scripting
An issue was discovered in `js/designer/move.js` in phpMyAdm A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12581

reference_id

reference_type

scores

value	0.0062
scoring_system	epss
scoring_elements	0.70001
published_at	2026-04-04T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70069
published_at	2026-04-21T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69974
published_at	2026-04-01T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70026
published_at	2026-04-08T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69987
published_at	2026-04-02T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.69978
published_at	2026-04-07T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70089
published_at	2026-04-18T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.7008
published_at	2026-04-16T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70037
published_at	2026-04-13T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.7005
published_at	2026-04-12T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70065
published_at	2026-04-11T12:55:00Z

value	0.0062
scoring_system	epss
scoring_elements	0.70042
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e

reference_url

https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530

reference_url

https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-3

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-3/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-3/

reference_url	http://www.securityfocus.com/bid/104530
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104530

reference_url	http://www.securitytracker.com/id/1041187
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041187

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12581

reference_id

CVE-2018-12581

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12581

reference_url

https://github.com/advisories/GHSA-vxj6-pm6r-23hq

reference_id

GHSA-vxj6-pm6r-23hq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vxj6-pm6r-23hq

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-fchc-55te-akhe

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.2

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-12581, GHSA-vxj6-pm6r-23hq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c91y-txcw-2kdy

url VCID-ebk2-vjau-57h9

vulnerability_id VCID-ebk2-vjau-57h9

summary

Information Exposure
An attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19968

reference_id

reference_type

scores

value	0.02543
scoring_system	epss
scoring_elements	0.85409
published_at	2026-04-02T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85495
published_at	2026-04-21T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85498
published_at	2026-04-18T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85494
published_at	2026-04-16T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.8547
published_at	2026-04-13T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85429
published_at	2026-04-04T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85397
published_at	2026-04-01T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85474
published_at	2026-04-12T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85475
published_at	2026-04-11T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85461
published_at	2026-04-09T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85453
published_at	2026-04-08T12:55:00Z

value	0.02543
scoring_system	epss
scoring_elements	0.85432
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732

reference_url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-6

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-6/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-6/

reference_url

http://www.securityfocus.com/bid/106178

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106178

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19968

reference_id

CVE-2018-19968

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19968

reference_url

https://github.com/advisories/GHSA-xc97-r49q-cxgc

reference_id

GHSA-xc97-r49q-cxgc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xc97-r49q-cxgc

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-19968, GHSA-xc97-r49q-cxgc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebk2-vjau-57h9

url VCID-fchc-55te-akhe

vulnerability_id VCID-fchc-55te-akhe

summary

Cross-site Scripting
An issue was discovered in phpMyAdm. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15605

reference_id

reference_type

scores

value	0.00675
scoring_system	epss
scoring_elements	0.71465
published_at	2026-04-21T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71392
published_at	2026-04-07T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.714
published_at	2026-04-02T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71418
published_at	2026-04-04T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71433
published_at	2026-04-08T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71446
published_at	2026-04-09T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71468
published_at	2026-04-11T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71452
published_at	2026-04-12T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71434
published_at	2026-04-13T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.7148
published_at	2026-04-16T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71485
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15605

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-5

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-5/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-5/

reference_url

http://www.securityfocus.com/bid/105168

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105168

reference_url

http://www.securitytracker.com/id/1041548

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041548

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-15605

reference_id

CVE-2018-15605

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-15605

reference_url

https://github.com/advisories/GHSA-c958-4j9x-q7w4

reference_id

GHSA-c958-4j9x-q7w4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c958-4j9x-q7w4

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.3

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-986a-3m4g-83ge

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-ebk2-vjau-57h9

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-qcra-cu62-43he

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.3

aliases CVE-2018-15605, GHSA-c958-4j9x-q7w4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fchc-55te-akhe

url VCID-ftdj-p5as-97hd

vulnerability_id VCID-ftdj-p5as-97hd

summary

Cross-Site Request Forgery (CSRF)
phpMyAdm has CSRF, allowing an attacker to execute arbitrary SQL statements, related to `js/db_operations.js`, `js/tbl_operations.js`, `libraries/classes/Operations.php`, and `sql.php.`

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10188

reference_id

reference_type

scores

value	0.00935
scoring_system	epss
scoring_elements	0.7618
published_at	2026-04-21T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76093
published_at	2026-04-01T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76096
published_at	2026-04-02T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76128
published_at	2026-04-04T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76107
published_at	2026-04-07T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.7614
published_at	2026-04-08T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76153
published_at	2026-04-09T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76179
published_at	2026-04-11T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76155
published_at	2026-04-12T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76152
published_at	2026-04-13T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76193
published_at	2026-04-16T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76197
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10188

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641

reference_url

https://www.exploit-db.com/exploits/44496

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/44496

reference_url	https://www.exploit-db.com/exploits/44496/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44496/

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-2

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-2/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-2/

reference_url

http://www.securityfocus.com/bid/103936

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103936

reference_url

http://www.securitytracker.com/id/1040752

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1040752

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490
reference_id	896490
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:4.8.0:::::::*
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin:4.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:4.8.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html
reference_id	CVE-2018-10188
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-10188

reference_id

CVE-2018-10188

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10188

reference_url

https://github.com/advisories/GHSA-v6fp-h79x-9rqc

reference_id

GHSA-v6fp-h79x-9rqc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6fp-h79x-9rqc

fixed_packages

url	pkg:composer/phpmyadmin/phpmyadmin@4.8.0%2B1
purl	pkg:composer/phpmyadmin/phpmyadmin@4.8.0%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.0%252B1

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-10188, GHSA-v6fp-h79x-9rqc

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftdj-p5as-97hd

url VCID-g6ud-92qe-hqcx

vulnerability_id VCID-g6ud-92qe-hqcx

summary

phpMyAdmin unsanitized Git information
phpMyAdmin before 4.9.2 does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19617

reference_id

reference_type

scores

value	0.01155
scoring_system	epss
scoring_elements	0.78487
published_at	2026-04-02T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78518
published_at	2026-04-04T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78481
published_at	2026-04-01T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78556
published_at	2026-04-21T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78559
published_at	2026-04-18T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.7856
published_at	2026-04-16T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78532
published_at	2026-04-13T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.7854
published_at	2026-04-12T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78558
published_at	2026-04-11T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78533
published_at	2026-04-09T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78528
published_at	2026-04-08T12:55:00Z

value	0.01155
scoring_system	epss
scoring_elements	0.78501
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19617

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9

reference_url

https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19617

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19617

reference_url

https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released

reference_url	https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/

reference_url

https://github.com/advisories/GHSA-pgph-mc4p-f8c3

reference_id

GHSA-pgph-mc4p-f8c3

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pgph-mc4p-f8c3

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2

aliases CVE-2019-19617, GHSA-pgph-mc4p-f8c3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6ud-92qe-hqcx

url VCID-gu4y-aeqx-mqak

vulnerability_id VCID-gu4y-aeqx-mqak

summary

SQL injection in phpMyAdmin
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18622

reference_id

reference_type

scores

value	0.00736
scoring_system	epss
scoring_elements	0.72851
published_at	2026-04-21T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72752
published_at	2026-04-01T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.7276
published_at	2026-04-02T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.7278
published_at	2026-04-04T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72756
published_at	2026-04-07T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72794
published_at	2026-04-08T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72808
published_at	2026-04-09T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72832
published_at	2026-04-11T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72815
published_at	2026-04-12T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72807
published_at	2026-04-13T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72849
published_at	2026-04-16T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72859
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622

reference_url

https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18622

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18622

reference_url

https://security.gentoo.org/glsa/202003-39

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202003-39

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-5

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-5

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-5/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-5/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349
reference_id	945349
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:::::::*
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

https://github.com/advisories/GHSA-jgjc-332c-8cmc

reference_id

GHSA-jgjc-332c-8cmc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jgjc-332c-8cmc

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-18622, GHSA-jgjc-332c-8cmc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gu4y-aeqx-mqak

url VCID-jma9-9uhu-xuc3

vulnerability_id VCID-jma9-9uhu-xuc3

summary

SQL Injection
A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11768

reference_id

reference_type

scores

value	0.01803
scoring_system	epss
scoring_elements	0.82849
published_at	2026-04-21T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82795
published_at	2026-04-08T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82801
published_at	2026-04-09T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82817
published_at	2026-04-11T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82813
published_at	2026-04-12T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82808
published_at	2026-04-13T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82847
published_at	2026-04-16T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82846
published_at	2026-04-18T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82743
published_at	2026-04-01T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82759
published_at	2026-04-02T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82772
published_at	2026-04-04T12:55:00Z

value	0.01803
scoring_system	epss
scoring_elements	0.82769
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11768

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-3

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-3/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-3/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048
reference_id	930048
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11768

reference_id

CVE-2019-11768

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11768

reference_url

https://github.com/advisories/GHSA-x37v-98f9-mj32

reference_id

GHSA-x37v-98f9-mj32

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x37v-98f9-mj32

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1

url pkg:composer/phpmyadmin/phpmyadmin@4.9.0%2B1

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.0%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0%252B1

aliases CVE-2019-11768, GHSA-x37v-98f9-mj32

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jma9-9uhu-xuc3

url VCID-ngtc-xtjn-xbhp

vulnerability_id VCID-ngtc-xtjn-xbhp

summary

phpMyAdmin SQL injection vulnerability
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10802

reference_id

reference_type

scores

value	0.01622
scoring_system	epss
scoring_elements	0.81852
published_at	2026-04-11T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81779
published_at	2026-04-02T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81873
published_at	2026-04-21T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81871
published_at	2026-04-18T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.8187
published_at	2026-04-16T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81834
published_at	2026-04-13T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.8184
published_at	2026-04-12T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81826
published_at	2026-04-08T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.818
published_at	2026-04-07T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81802
published_at	2026-04-04T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81769
published_at	2026-04-01T12:55:00Z

value	0.01622
scoring_system	epss
scoring_elements	0.81833
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10802

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10802

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-3

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-3

reference_url	https://www.phpmyadmin.net/security/PMASA-2020-3/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2020-3/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665
reference_id	954665
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*
reference_id	cpe:2.3:a:suse:package_hub:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://github.com/advisories/GHSA-f4cr-3xmc-2wpm

reference_id

GHSA-f4cr-3xmc-2wpm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f4cr-3xmc-2wpm

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-dsxw-w87t-eycw

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2

aliases CVE-2020-10802, GHSA-f4cr-3xmc-2wpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ngtc-xtjn-xbhp

url VCID-qcra-cu62-43he

vulnerability_id VCID-qcra-cu62-43he

summary

Cross-site Scripting
In phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19970

reference_id

reference_type

scores

value	0.01501
scoring_system	epss
scoring_elements	0.81175
published_at	2026-04-21T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81074
published_at	2026-04-01T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81083
published_at	2026-04-02T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81108
published_at	2026-04-04T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81107
published_at	2026-04-07T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81135
published_at	2026-04-08T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81141
published_at	2026-04-09T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81159
published_at	2026-04-11T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81146
published_at	2026-04-12T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81139
published_at	2026-04-13T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81176
published_at	2026-04-16T12:55:00Z

value	0.01501
scoring_system	epss
scoring_elements	0.81178
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-8

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-8

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-8/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-8/

reference_url

http://www.securityfocus.com/bid/106181

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106181

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19970

reference_id

CVE-2018-19970

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19970

reference_url

https://github.com/advisories/GHSA-8987-93fh-rcwq

reference_id

GHSA-8987-93fh-rcwq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8987-93fh-rcwq

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-br1c-5bzf-ufeu

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-yfja-ssw3-skh1

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-19970, GHSA-8987-93fh-rcwq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcra-cu62-43he

url VCID-rqy8-n6fr-hqey

vulnerability_id VCID-rqy8-n6fr-hqey

summary

Exposure of Sensitive Information to an Unauthorized Actor
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0813

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.54905
published_at	2026-04-16T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54888
published_at	2026-04-21T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54908
published_at	2026-04-18T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63043
published_at	2026-04-04T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.62955
published_at	2026-04-01T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63014
published_at	2026-04-02T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63007
published_at	2026-04-07T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63058
published_at	2026-04-08T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63074
published_at	2026-04-09T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63091
published_at	2026-04-11T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63077
published_at	2026-04-12T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63055
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://security.gentoo.org/glsa/202311-17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202311-17

reference_url	https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
reference_id
reference_type
scores
url	https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information

reference_url

https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released

reference_url	https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-0813

reference_id

CVE-2022-0813

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-0813

reference_url

https://github.com/advisories/GHSA-vx8q-j7h9-vf6q

reference_id

GHSA-vx8q-j7h9-vf6q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx8q-j7h9-vf6q

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@5.1.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2

url pkg:composer/phpmyadmin/phpmyadmin@5.1.3

purl pkg:composer/phpmyadmin/phpmyadmin@5.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.3

aliases CVE-2022-0813, GHSA-vx8q-j7h9-vf6q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqy8-n6fr-hqey

url VCID-scu3-cfyc-9qfz

vulnerability_id VCID-scu3-cfyc-9qfz

summary

Cross-Site Request Forgery (CSRF)
A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `<img>` tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific `INSERT` or `DELETE` statement) to the victim.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12616

reference_id

reference_type

scores

value	0.55051
scoring_system	epss
scoring_elements	0.98062
published_at	2026-04-21T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98038
published_at	2026-04-01T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98043
published_at	2026-04-02T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98045
published_at	2026-04-04T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98047
published_at	2026-04-07T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98052
published_at	2026-04-08T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98053
published_at	2026-04-09T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98058
published_at	2026-04-12T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98059
published_at	2026-04-13T12:55:00Z

value	0.55051
scoring_system	epss
scoring_elements	0.98065
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12616

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec

reference_url

https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html

reference_url	https://www.phpmyadmin.net/security/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-4

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-4/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-4/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017
reference_id	930017
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt
reference_id	CVE-2019-12616
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12616

reference_id

CVE-2019-12616

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12616

reference_url

https://github.com/advisories/GHSA-mfr9-pcm3-6mwc

reference_id

GHSA-mfr9-pcm3-6mwc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mfr9-pcm3-6mwc

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0

aliases CVE-2019-12616, GHSA-mfr9-pcm3-6mwc

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scu3-cfyc-9qfz

url VCID-tks3-6uv4-kygf

vulnerability_id VCID-tks3-6uv4-kygf

summary

phpMyAdmin SQL Injection
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10804

reference_id

reference_type

scores

value	0.02444
scoring_system	epss
scoring_elements	0.85208
published_at	2026-04-18T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85114
published_at	2026-04-01T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85127
published_at	2026-04-02T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85144
published_at	2026-04-04T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85147
published_at	2026-04-07T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85169
published_at	2026-04-08T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85177
published_at	2026-04-09T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85191
published_at	2026-04-11T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85189
published_at	2026-04-12T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85186
published_at	2026-04-13T12:55:00Z

value	0.02444
scoring_system	epss
scoring_elements	0.85207
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10804

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10804

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-2

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-2

reference_url	https://www.phpmyadmin.net/security/PMASA-2020-2/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2020-2/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667
reference_id	954667
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*
reference_id	cpe:2.3:a:suse:package_hub:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://github.com/advisories/GHSA-h65r-8fp8-w7cx

reference_id

GHSA-h65r-8fp8-w7cx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h65r-8fp8-w7cx

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-dsxw-w87t-eycw

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2

aliases CVE-2020-10804, GHSA-h65r-8fp8-w7cx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tks3-6uv4-kygf

url VCID-yfja-ssw3-skh1

vulnerability_id VCID-yfja-ssw3-skh1

summary

Information Exposure
When the `AllowArbitraryServer` configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the `mysql.allow_local_infile` PHP configuration, and the inadvertent ignoring of `options(MYSQLI_OPT_LOCAL_INFILE` calls.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6799

reference_id

reference_type

scores

value	0.7658
scoring_system	epss
scoring_elements	0.98948
published_at	2026-04-21T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98933
published_at	2026-04-01T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98935
published_at	2026-04-02T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98937
published_at	2026-04-04T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98939
published_at	2026-04-07T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98941
published_at	2026-04-09T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98943
published_at	2026-04-11T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98944
published_at	2026-04-13T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98946
published_at	2026-04-16T12:55:00Z

value	0.7658
scoring_system	epss
scoring_elements	0.98947
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-1

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-1/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-1/

reference_url

http://www.securityfocus.com/bid/106736

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106736

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823
reference_id	920823
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6799

reference_id

CVE-2019-6799

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6799

reference_url

https://github.com/advisories/GHSA-c8wj-q36q-3wg4

reference_id

GHSA-c8wj-q36q-3wg4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c8wj-q36q-3wg4

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-jma9-9uhu-xuc3

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-scu3-cfyc-9qfz

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

vulnerability	VCID-zyzp-aqd8-e3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-6799, GHSA-c8wj-q36q-3wg4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yfja-ssw3-skh1

url VCID-ym9b-4su6-6fbr

vulnerability_id VCID-ym9b-4su6-6fbr

summary

Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25727

reference_id

reference_type

scores

value	0.1094
scoring_system	epss
scoring_elements	0.93405
published_at	2026-04-13T12:55:00Z

value	0.1094
scoring_system	epss
scoring_elements	0.93434
published_at	2026-04-21T12:55:00Z

value	0.1094
scoring_system	epss
scoring_elements	0.93428
published_at	2026-04-18T12:55:00Z

value	0.1094
scoring_system	epss
scoring_elements	0.93423
published_at	2026-04-16T12:55:00Z

value	0.11079
scoring_system	epss
scoring_elements	0.93425
published_at	2026-04-02T12:55:00Z

value	0.11079
scoring_system	epss
scoring_elements	0.93433
published_at	2026-04-07T12:55:00Z

value	0.11079
scoring_system	epss
scoring_elements	0.93441
published_at	2026-04-08T12:55:00Z

value	0.11079
scoring_system	epss
scoring_elements	0.93445
published_at	2026-04-09T12:55:00Z

value	0.11079
scoring_system	epss
scoring_elements	0.9345
published_at	2026-04-11T12:55:00Z

value	0.11079
scoring_system	epss
scoring_elements	0.93451
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e

reference_url

https://www.phpmyadmin.net/security/PMASA-2023-1

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2023-1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25727

reference_id

CVE-2023-25727

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25727

reference_url

https://github.com/advisories/GHSA-6hr3-44gx-g6wh

reference_id

GHSA-6hr3-44gx-g6wh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6hr3-44gx-g6wh

reference_url

https://www.phpmyadmin.net/security/PMASA-2023-1/

reference_id

PMASA-2023-1

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/

url

https://www.phpmyadmin.net/security/PMASA-2023-1/

fixed_packages

url	pkg:composer/phpmyadmin/phpmyadmin@4.9.11
purl	pkg:composer/phpmyadmin/phpmyadmin@4.9.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.11

url pkg:composer/phpmyadmin/phpmyadmin@5.2.1

purl pkg:composer/phpmyadmin/phpmyadmin@5.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-araw-4wdy-hqcz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.1

aliases CVE-2023-25727, GHSA-6hr3-44gx-g6wh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ym9b-4su6-6fbr

url VCID-znfm-ak2t-mqdd

vulnerability_id VCID-znfm-ak2t-mqdd

summary

phpMyAdmin SQL injection vulnerability
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10803

reference_id

reference_type

scores

value	0.03554
scoring_system	epss
scoring_elements	0.87708
published_at	2026-04-21T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87643
published_at	2026-04-01T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87653
published_at	2026-04-02T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87666
published_at	2026-04-04T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87667
published_at	2026-04-07T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87688
published_at	2026-04-08T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87694
published_at	2026-04-09T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87706
published_at	2026-04-11T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87699
published_at	2026-04-12T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87697
published_at	2026-04-13T12:55:00Z

value	0.03554
scoring_system	epss
scoring_elements	0.87712
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10803

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10803

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-4

reference_url	https://www.phpmyadmin.net/security/PMASA-2020-4/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2020-4/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666
reference_id	954666
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_id	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*
reference_id	cpe:2.3:a:suse:package_hub:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://github.com/advisories/GHSA-fcww-8wvc-38q9

reference_id

GHSA-fcww-8wvc-38q9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcww-8wvc-38q9

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-dsxw-w87t-eycw

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-ym9b-4su6-6fbr

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2

aliases CVE-2020-10803, GHSA-fcww-8wvc-38q9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-znfm-ak2t-mqdd

url VCID-zyzp-aqd8-e3a9

vulnerability_id VCID-zyzp-aqd8-e3a9

summary

phpMyAdmin Cross-Site Request Forgery (CSRF)
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_url

http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12922

reference_id

reference_type

scores

value	0.4225
scoring_system	epss
scoring_elements	0.97459
published_at	2026-04-21T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97422
published_at	2026-04-01T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97429
published_at	2026-04-02T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97433
published_at	2026-04-04T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97434
published_at	2026-04-07T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97441
published_at	2026-04-08T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97442
published_at	2026-04-09T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97445
published_at	2026-04-11T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97447
published_at	2026-04-13T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.97456
published_at	2026-04-16T12:55:00Z

value	0.4225
scoring_system	epss
scoring_elements	0.9746
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12922

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922

reference_url

http://seclists.org/fulldisclosure/2019/Sep/23

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/Sep/23

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12922

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12922

reference_url

https://www.exploit-db.com/exploits/47385

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/47385

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt
reference_id	CVE-2019-12922
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt

reference_url

https://github.com/advisories/GHSA-4c9q-64gq-xhx4

reference_id

GHSA-4c9q-64gq-xhx4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4c9q-64gq-xhx4

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.1

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-g6ud-92qe-hqcx

vulnerability	VCID-gu4y-aeqx-mqak

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2jjv-4en4-e3gx

vulnerability	VCID-2y3v-jnph-hfh4

vulnerability	VCID-41mv-6vqr-sua6

vulnerability	VCID-5657-kcyh-7bc2

vulnerability	VCID-araw-4wdy-hqcz

vulnerability	VCID-mk34-h4nz-b3ey

vulnerability	VCID-ngtc-xtjn-xbhp

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-tks3-6uv4-kygf

vulnerability	VCID-ym9b-4su6-6fbr

vulnerability	VCID-znfm-ak2t-mqdd

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-12922, GHSA-4c9q-64gq-xhx4

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyzp-aqd8-e3a9

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.0

Package Instance