Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/324892?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "type": "apk", "namespace": "alpine", "name": "phpmyadmin", "version": "4.6.5.2-r0", "qualifiers": { "arch": "x86", "distroversion": "v3.17", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.8.2-r0", "latest_non_vulnerable_version": "5.1.2-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98187?format=api", "vulnerability_id": "VCID-31jg-3pzb-y3b6", "summary": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69581", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69591", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69583", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69544", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9853" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9853", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9853" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210127193655/http://www.securityfocus.com/bid/94527", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210127193655/http://www.securityfocus.com/bid/94527" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-63", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-63" }, { "reference_url": "https://github.com/advisories/GHSA-rmmf-5xhh-gg27", "reference_id": "GHSA-rmmf-5xhh-gg27", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rmmf-5xhh-gg27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9853", "GHSA-rmmf-5xhh-gg27" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31jg-3pzb-y3b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98185?format=api", "vulnerability_id": "VCID-ajeh-4q9t-sydz", "summary": "An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68828", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68835", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9850" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajeh-4q9t-sydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98190?format=api", "vulnerability_id": "VCID-dfsz-1y13-yug9", "summary": "An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.6846", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68468", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68462", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9858" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfsz-1y13-yug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98184?format=api", "vulnerability_id": "VCID-dj5f-y77j-d7dx", "summary": "An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44277", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53102", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9849" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9849" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5f-y77j-d7dx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98183?format=api", "vulnerability_id": "VCID-jabw-t2hb-q3e9", "summary": "An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.567", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56752", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56759", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56748", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9848" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jabw-t2hb-q3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98192?format=api", "vulnerability_id": "VCID-m59w-cug5-wbe2", "summary": "An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61341", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61389", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61397", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61383", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9862" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9862" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m59w-cug5-wbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38278?format=api", "vulnerability_id": "VCID-n66y-s36g-fqck", "summary": "Improper Input Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72539", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72568", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72586", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72579", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9860" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-65", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-65" }, { "reference_url": "http://www.securityfocus.com/bid/94525", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94525" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9860", "reference_id": "CVE-2016-9860", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9860" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9860", "GHSA-3hw5-fffc-qrg4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n66y-s36g-fqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38271?format=api", "vulnerability_id": "VCID-nv3j-xj42-wfcw", "summary": "Incomplete List of Disallowed Inputs\nAn issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4492", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44973", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44993", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44989", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9861" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-66", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-66" }, { "reference_url": "http://www.securityfocus.com/bid/94535", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94535" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9861", "reference_id": "CVE-2016-9861", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9861" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9861", "GHSA-r326-mp8g-6xfc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv3j-xj42-wfcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98189?format=api", "vulnerability_id": "VCID-p361-saxs-97g9", "summary": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66419", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66403", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9855" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9855" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p361-saxs-97g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98195?format=api", "vulnerability_id": "VCID-q2wv-kbra-5kg8", "summary": "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.79258", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.79284", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.7929", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01202", "scoring_system": "epss", "scoring_elements": "0.79282", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9865" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9865" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2wv-kbra-5kg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98188?format=api", "vulnerability_id": "VCID-q7zq-5xpn-93dd", "summary": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66419", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66403", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9854" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9854" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7zq-5xpn-93dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98193?format=api", "vulnerability_id": "VCID-qeac-129m-1udw", "summary": "An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.7106", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71093", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71109", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9863" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9863", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9863" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9863", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9863" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-68", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-68" }, { "reference_url": "https://github.com/advisories/GHSA-qgrq-64g6-mmh6", "reference_id": "GHSA-qgrq-64g6-mmh6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qgrq-64g6-mmh6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9863", "GHSA-qgrq-64g6-mmh6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qeac-129m-1udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38275?format=api", "vulnerability_id": "VCID-rc63-nakx-ebbe", "summary": "Cross-site Scripting\nAn issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49373", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49427", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49445", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9857" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-64", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-64" }, { "reference_url": "http://www.securityfocus.com/bid/94530", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94530" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9857", "reference_id": "CVE-2016-9857", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9857" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9857", "GHSA-hmmx-wxh4-9w8w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc63-nakx-ebbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98191?format=api", "vulnerability_id": "VCID-rsrk-jwbt-qfhe", "summary": "An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.6846", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68468", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68462", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9859" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9859" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsrk-jwbt-qfhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38284?format=api", "vulnerability_id": "VCID-segg-gk79-9bc6", "summary": "Improper Input Validation\nAn issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47525", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47574", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47591", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47589", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9851" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-62", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-62" }, { "reference_url": "http://www.securityfocus.com/bid/94534", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/94534" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9851", "reference_id": "CVE-2016-9851", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9851", "GHSA-r2vw-p77f-vc27" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-segg-gk79-9bc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38277?format=api", "vulnerability_id": "VCID-utga-335m-dua9", "summary": "Cross-site Scripting\nAn XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49373", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49427", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49445", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49434", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9856" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-64", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2016-64" }, { "reference_url": "http://www.securityfocus.com/bid/94530", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94530" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9856", "reference_id": "CVE-2016-9856", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9856", "GHSA-j8mx-x32r-5rf4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utga-335m-dua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98186?format=api", "vulnerability_id": "VCID-v1kx-5wa1-r7he", "summary": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.6637", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66419", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00501", "scoring_system": "epss", "scoring_elements": "0.66403", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9852" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kx-5wa1-r7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98194?format=api", "vulnerability_id": "VCID-vpf2-5j4s-jqeb", "summary": "An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48175", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48177", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48159", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.62193", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9864" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/324892?format=api", "purl": "pkg:apk/alpine/phpmyadmin@4.6.5.2-r0?arch=x86&distroversion=v3.17&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" } ], "aliases": [ "CVE-2016-9864" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpf2-5j4s-jqeb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.6.5.2-r0%3Farch=x86&distroversion=v3.17&reponame=community" }