Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/390907?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/390907?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.6", "type": "composer", "namespace": "phpmyadmin", "name": "phpmyadmin", "version": "4.7.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.9.11", "latest_non_vulnerable_version": "5.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218796?format=api", "vulnerability_id": "VCID-3fqj-9fn2-uqhe", "summary": "An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00671", "scoring_system": "epss", "scoring_elements": "0.71949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00671", "scoring_system": "epss", "scoring_elements": "0.71945", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.71936", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00675", "scoring_system": "epss", "scoring_elements": "0.72021", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-15605" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15605", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15605" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-5" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-5/" }, { "reference_url": "http://www.securityfocus.com/bid/105168", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105168" }, { "reference_url": "http://www.securitytracker.com/id/1041548", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041548" }, { "reference_url": "https://github.com/advisories/GHSA-c958-4j9x-q7w4", "reference_id": "GHSA-c958-4j9x-q7w4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c958-4j9x-q7w4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385286?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-fkv9-r3fc-zyau" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-m92n-w5zs-qkfr" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-nwea-842b-hbet" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.3" } ], "aliases": [ "CVE-2018-15605", "GHSA-c958-4j9x-q7w4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3fqj-9fn2-uqhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207613?format=api", "vulnerability_id": "VCID-4f9y-mpe6-akgc", "summary": "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01229", "scoring_system": "epss", "scoring_elements": "0.79645", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01229", "scoring_system": "epss", "scoring_elements": "0.79637", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01229", "scoring_system": "epss", "scoring_elements": "0.79652", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01229", "scoring_system": "epss", "scoring_elements": "0.79571", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10802" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-3" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-3/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665", "reference_id": "954665", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665" }, { "reference_url": "https://github.com/advisories/GHSA-f4cr-3xmc-2wpm", "reference_id": "GHSA-f4cr-3xmc-2wpm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4cr-3xmc-2wpm" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384714?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/380009?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-p55p-hbqm-xqg1" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10802", "GHSA-f4cr-3xmc-2wpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9y-mpe6-akgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206755?format=api", "vulnerability_id": "VCID-5vg7-fddm-sqfr", "summary": "An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49922", "scoring_system": "epss", "scoring_elements": "0.97875", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.49922", "scoring_system": "epss", "scoring_elements": "0.97884", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.49922", "scoring_system": "epss", "scoring_elements": "0.97885", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.49922", "scoring_system": "epss", "scoring_elements": "0.97886", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12616", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12616" }, { "reference_url": "https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://www.phpmyadmin.net/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-4" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017", "reference_id": "930017", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt", "reference_id": "CVE-2019-12616", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt" }, { "reference_url": "https://github.com/advisories/GHSA-mfr9-pcm3-6mwc", "reference_id": "GHSA-mfr9-pcm3-6mwc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfr9-pcm3-6mwc" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18869?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0" } ], "aliases": [ "CVE-2019-12616", "GHSA-mfr9-pcm3-6mwc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vg7-fddm-sqfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129282?format=api", "vulnerability_id": "VCID-7ab3-tj6r-r3g7", "summary": "In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09658", "scoring_system": "epss", "scoring_elements": "0.931", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.09658", "scoring_system": "epss", "scoring_elements": "0.93075", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.09658", "scoring_system": "epss", "scoring_elements": "0.93101", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.09658", "scoring_system": "epss", "scoring_elements": "0.93099", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25727" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2023-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2023-1" }, { "reference_url": "https://github.com/advisories/GHSA-6hr3-44gx-g6wh", "reference_id": "GHSA-6hr3-44gx-g6wh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hr3-44gx-g6wh" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2023-1/", "reference_id": "PMASA-2023-1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380376?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/380377?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-87ne-4523-v7fa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.1" } ], "aliases": [ "CVE-2023-25727", "GHSA-6hr3-44gx-g6wh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ab3-tj6r-r3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205966?format=api", "vulnerability_id": "VCID-7k46-nxcx-zfdz", "summary": "An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60689", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60795", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60804", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60796", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12581", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12581" }, { "reference_url": "https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530" }, { "reference_url": "https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-3" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-3/" }, { "reference_url": "http://www.securityfocus.com/bid/104530", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104530" }, { "reference_url": "http://www.securitytracker.com/id/1041187", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041187" }, { "reference_url": "https://github.com/advisories/GHSA-vxj6-pm6r-23hq", "reference_id": "GHSA-vxj6-pm6r-23hq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxj6-pm6r-23hq" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21012?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fqj-9fn2-uqhe" }, { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-fkv9-r3fc-zyau" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-m92n-w5zs-qkfr" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-nwea-842b-hbet" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-12581", "GHSA-vxj6-pm6r-23hq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7k46-nxcx-zfdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206686?format=api", "vulnerability_id": "VCID-b55b-rsv5-4ydv", "summary": "An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01109", "scoring_system": "epss", "scoring_elements": "0.78539", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01109", "scoring_system": "epss", "scoring_elements": "0.78605", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01109", "scoring_system": "epss", "scoring_elements": "0.78623", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01109", "scoring_system": "epss", "scoring_elements": "0.78618", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11768", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11768" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-3" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-3/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048", "reference_id": "930048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048" }, { "reference_url": "https://github.com/advisories/GHSA-x37v-98f9-mj32", "reference_id": "GHSA-x37v-98f9-mj32", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x37v-98f9-mj32" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23846?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.0%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cmu6-m7cr-7fa7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/442658?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1" } ], "aliases": [ "CVE-2019-11768", "GHSA-x37v-98f9-mj32" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b55b-rsv5-4ydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177294?format=api", "vulnerability_id": "VCID-cauk-7k6d-hbdd", "summary": "An SQL injection vulnerability in phpMyAdmin may allow attackers to\n execute arbitrary SQL statements.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68702", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68707", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68693", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68604", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622" }, { "reference_url": "https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-5" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-5/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349", "reference_id": "945349", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18622", "reference_id": "CVE-2019-18622", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18622" }, { "reference_url": "https://github.com/advisories/GHSA-jgjc-332c-8cmc", "reference_id": "GHSA-jgjc-332c-8cmc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgjc-332c-8cmc" }, { "reference_url": "https://security.gentoo.org/glsa/202003-39", "reference_id": "GLSA-202003-39", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202003-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15974?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-18622", "GHSA-jgjc-332c-8cmc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cauk-7k6d-hbdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206764?format=api", "vulnerability_id": "VCID-cmu6-m7cr-7fa7", "summary": "A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31957", "scoring_system": "epss", "scoring_elements": "0.96929", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.31957", "scoring_system": "epss", "scoring_elements": "0.96943", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.31957", "scoring_system": "epss", "scoring_elements": "0.9694", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.31957", "scoring_system": "epss", "scoring_elements": "0.96944", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/23" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN" }, { "reference_url": "https://www.exploit-db.com/exploits/47385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/47385" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt", "reference_id": "CVE-2019-12922", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12922", "reference_id": "CVE-2019-12922", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12922" }, { "reference_url": "https://github.com/advisories/GHSA-4c9q-64gq-xhx4", "reference_id": "GHSA-4c9q-64gq-xhx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4c9q-64gq-xhx4" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23847?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-12922", "GHSA-4c9q-64gq-xhx4" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmu6-m7cr-7fa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/325176?format=api", "vulnerability_id": "VCID-dv3f-h92r-37gs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61683", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61784", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61792", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61786", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22278", "reference_id": "CVE-2020-22278", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22491?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3" } ], "aliases": [ "CVE-2020-22278" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv3f-h92r-37gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207615?format=api", "vulnerability_id": "VCID-e8jm-k1ee-v3dg", "summary": "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83694", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83752", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83761", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83758", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10804" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-2" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667", "reference_id": "954667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667" }, { "reference_url": "https://github.com/advisories/GHSA-h65r-8fp8-w7cx", "reference_id": "GHSA-h65r-8fp8-w7cx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h65r-8fp8-w7cx" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384714?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/380009?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-p55p-hbqm-xqg1" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10804", "GHSA-h65r-8fp8-w7cx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e8jm-k1ee-v3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181209?format=api", "vulnerability_id": "VCID-fkv9-r3fc-zyau", "summary": "Multiple vulnerabilities have been found in phpMyAdmin, the worst\n of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63522", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63623", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63638", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63634", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19969" }, { "reference_url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175" }, { "reference_url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-7" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-7/" }, { "reference_url": "http://www.securityfocus.com/bid/106175", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106175" }, { "reference_url": "https://github.com/advisories/GHSA-xwf2-53mc-r8hx", "reference_id": "GHSA-xwf2-53mc-r8hx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwf2-53mc-r8hx" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "GLSA-201904-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385830?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fqj-9fn2-uqhe" }, { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-7k46-nxcx-zfdz" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-m92n-w5zs-qkfr" }, { "vulnerability": "VCID-mdf6-k5zm-5uen" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-nwea-842b-hbet" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/384958?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-19969", "GHSA-xwf2-53mc-r8hx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fkv9-r3fc-zyau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208023?format=api", "vulnerability_id": "VCID-h5ft-zg32-myhg", "summary": "In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2219", "scoring_system": "epss", "scoring_elements": "0.9593", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.2219", "scoring_system": "epss", "scoring_elements": "0.95943", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.2219", "scoring_system": "epss", "scoring_elements": "0.95944", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.2219", "scoring_system": "epss", "scoring_elements": "0.95947", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504" }, { "reference_url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml" }, { "reference_url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5504" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718", "reference_id": "948718", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt", "reference_id": "CVE-2020-5504", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt" }, { "reference_url": "https://github.com/advisories/GHSA-fgj8-93xx-f6g6", "reference_id": "GHSA-fgj8-93xx-f6g6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fgj8-93xx-f6g6" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384552?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/384553?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.1" } ], "aliases": [ "CVE-2020-5504", "GHSA-fgj8-93xx-f6g6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5ft-zg32-myhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181210?format=api", "vulnerability_id": "VCID-m92n-w5zs-qkfr", "summary": "Multiple vulnerabilities have been found in phpMyAdmin, the worst\n of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80112", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80175", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.8019", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80182", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" }, { "reference_url": "http://www.securityfocus.com/bid/106181", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106181" }, { "reference_url": "https://github.com/advisories/GHSA-8987-93fh-rcwq", "reference_id": "GHSA-8987-93fh-rcwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8987-93fh-rcwq" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "GLSA-201904-16", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384958?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-19970", "GHSA-8987-93fh-rcwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m92n-w5zs-qkfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197776?format=api", "vulnerability_id": "VCID-mdf6-k5zm-5uen", "summary": "cross-site scripting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5401", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53881", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.54006", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.54023", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7260" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7260", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7260" }, { "reference_url": "https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-1" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-1/" }, { "reference_url": "http://www.securityfocus.com/bid/103099", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103099" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539", "reference_id": "893539", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539" }, { "reference_url": "https://security.archlinux.org/ASA-201802-11", "reference_id": "ASA-201802-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201802-11" }, { "reference_url": "https://security.archlinux.org/AVG-630", "reference_id": "AVG-630", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-630" }, { "reference_url": "https://github.com/advisories/GHSA-gqmj-f46x-wqhw", "reference_id": "GHSA-gqmj-f46x-wqhw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gqmj-f46x-wqhw" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384521?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fqj-9fn2-uqhe" }, { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-7k46-nxcx-zfdz" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-m92n-w5zs-qkfr" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-nwea-842b-hbet" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-7260", "GHSA-gqmj-f46x-wqhw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdf6-k5zm-5uen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207366?format=api", "vulnerability_id": "VCID-ngjc-296q-f3fu", "summary": "An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76961", "scoring_system": "epss", "scoring_elements": "0.98986", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.76961", "scoring_system": "epss", "scoring_elements": "0.98982", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-1" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-1/" }, { "reference_url": "http://www.securityfocus.com/bid/106736", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106736" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823", "reference_id": "920823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6799", "reference_id": "CVE-2019-6799", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6799" }, { "reference_url": "https://github.com/advisories/GHSA-c8wj-q36q-3wg4", "reference_id": "GHSA-c8wj-q36q-3wg4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wj-q36q-3wg4" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21732?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-6799", "GHSA-c8wj-q36q-3wg4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngjc-296q-f3fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181207?format=api", "vulnerability_id": "VCID-nwea-842b-hbet", "summary": "Multiple vulnerabilities have been found in phpMyAdmin, the worst\n of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85341", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85393", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85402", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85395", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6/" }, { "reference_url": "http://www.securityfocus.com/bid/106178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106178" }, { "reference_url": "https://github.com/advisories/GHSA-xc97-r49q-cxgc", "reference_id": "GHSA-xc97-r49q-cxgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc97-r49q-cxgc" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "GLSA-201904-16", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384958?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-19968", "GHSA-xc97-r49q-cxgc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwea-842b-hbet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207365?format=api", "vulnerability_id": "VCID-pu49-c9vu-rbec", "summary": "An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.6071", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60815", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60825", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60816", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6798", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6798" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-2" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-2/" }, { "reference_url": "http://www.securityfocus.com/bid/106727", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106727" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822", "reference_id": "920822", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822" }, { "reference_url": "https://github.com/advisories/GHSA-f732-fxh6-g4qj", "reference_id": "GHSA-f732-fxh6-g4qj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f732-fxh6-g4qj" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21732?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/22490?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-arcu-5cnd-wkdk" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-6798", "GHSA-f732-fxh6-g4qj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pu49-c9vu-rbec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207614?format=api", "vulnerability_id": "VCID-sya2-1y7u-b7hu", "summary": "In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02712", "scoring_system": "epss", "scoring_elements": "0.86238", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02712", "scoring_system": "epss", "scoring_elements": "0.86289", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02712", "scoring_system": "epss", "scoring_elements": "0.86299", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02712", "scoring_system": "epss", "scoring_elements": "0.86297", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10803" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-4" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666", "reference_id": "954666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666" }, { "reference_url": "https://github.com/advisories/GHSA-fcww-8wvc-38q9", "reference_id": "GHSA-fcww-8wvc-38q9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcww-8wvc-38q9" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/384714?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/380009?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-p55p-hbqm-xqg1" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-vb6g-x173-9khp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10803", "GHSA-fcww-8wvc-38q9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sya2-1y7u-b7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218795?format=api", "vulnerability_id": "VCID-ucfd-2whz-j3ep", "summary": "phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.", "references": [ { "reference_url": "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click" }, { "reference_url": "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11439", "scoring_system": "epss", "scoring_elements": "0.9376", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.11439", "scoring_system": "epss", "scoring_elements": "0.9378", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.11439", "scoring_system": "epss", "scoring_elements": "0.93784", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.11439", "scoring_system": "epss", "scoring_elements": "0.93786", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000499" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000499", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000499" }, { "reference_url": "https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163" }, { "reference_url": "https://www.exploit-db.com/exploits/45284", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45284" }, { "reference_url": "https://www.exploit-db.com/exploits/45284/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/45284/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2017-9" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-9/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-9/" }, { "reference_url": "http://www.securitytracker.com/id/1040163", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040163" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45284.txt", "reference_id": "CVE-2017-1000499", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45284.txt" }, { "reference_url": "https://github.com/advisories/GHSA-f9hx-5jq4-fgjm", "reference_id": "GHSA-f9hx-5jq4-fgjm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f9hx-5jq4-fgjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385830?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fqj-9fn2-uqhe" }, { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-5vg7-fddm-sqfr" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-7k46-nxcx-zfdz" }, { "vulnerability": "VCID-b55b-rsv5-4ydv" }, { "vulnerability": "VCID-cauk-7k6d-hbdd" }, { "vulnerability": "VCID-cmu6-m7cr-7fa7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-m92n-w5zs-qkfr" }, { "vulnerability": "VCID-mdf6-k5zm-5uen" }, { "vulnerability": "VCID-ngjc-296q-f3fu" }, { "vulnerability": "VCID-nwea-842b-hbet" }, { "vulnerability": "VCID-pu49-c9vu-rbec" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-w2y5-u1vp-xuh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7" } ], "aliases": [ "CVE-2017-1000499", "GHSA-f9hx-5jq4-fgjm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucfd-2whz-j3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11154?format=api", "vulnerability_id": "VCID-vb6g-x173-9khp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55344", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55347", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55223", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55361", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information" }, { "reference_url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released" }, { "reference_url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813", "reference_id": "CVE-2022-0813", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813" }, { "reference_url": "https://github.com/advisories/GHSA-vx8q-j7h9-vf6q", "reference_id": "GHSA-vx8q-j7h9-vf6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx8q-j7h9-vf6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18868?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/19652?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-87ne-4523-v7fa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.3" } ], "aliases": [ "CVE-2022-0813", "GHSA-vx8q-j7h9-vf6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vb6g-x173-9khp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207113?format=api", "vulnerability_id": "VCID-w2y5-u1vp-xuh6", "summary": "phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77386", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77456", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77471", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77462", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19617" }, { "reference_url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released" }, { "reference_url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/" }, { "reference_url": "https://github.com/advisories/GHSA-pgph-mc4p-f8c3", "reference_id": "GHSA-pgph-mc4p-f8c3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pgph-mc4p-f8c3" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15974?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9y-mpe6-akgc" }, { "vulnerability": "VCID-7ab3-tj6r-r3g7" }, { "vulnerability": "VCID-dv3f-h92r-37gs" }, { "vulnerability": "VCID-e8jm-k1ee-v3dg" }, { "vulnerability": "VCID-h5ft-zg32-myhg" }, { "vulnerability": "VCID-k8q3-v7cc-7yhq" }, { "vulnerability": "VCID-rzd6-pqqs-a3em" }, { "vulnerability": "VCID-sya2-1y7u-b7hu" }, { "vulnerability": "VCID-vb6g-x173-9khp" }, { "vulnerability": "VCID-xsbv-xna2-qfeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2" } ], "aliases": [ "CVE-2019-19617", "GHSA-pgph-mc4p-f8c3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2y5-u1vp-xuh6" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.6" }