Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52532?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52532?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.0", "type": "composer", "namespace": "phpmyadmin", "name": "phpmyadmin", "version": "4.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.0.2", "latest_non_vulnerable_version": "5.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38033?format=api", "vulnerability_id": "VCID-1hvw-4h4d-zkhv", "summary": "Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.", "references": [ { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2040", "reference_id": "CVE-2016-2040", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2040" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52548?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-2040" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38671?format=api", "vulnerability_id": "VCID-23dq-w66r-k3bt", "summary": "Cross-site Scripting\nphpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-4" }, { "reference_url": "http://www.securityfocus.com/bid/95726", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000015", "reference_id": "CVE-2017-1000015", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000015" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38148?format=api", "vulnerability_id": "VCID-2vqn-z4en-duh4", "summary": "Information Exposure\nphpMyAdmin allows remote attackers to obtain sensitive information.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-23/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-23/" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2016-5730", "reference_id": "CVE-2016-5730", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5730" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-5730" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vqn-z4en-duh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38682?format=api", "vulnerability_id": "VCID-38tp-acy8-57hj", "summary": "Improper Input Validation\nphpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-3" }, { "reference_url": "http://www.securityfocus.com/bid/95721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95721" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000014", "reference_id": "CVE-2017-1000014", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000014" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000014" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38286?format=api", "vulnerability_id": "VCID-3va7-xx14-gkds", "summary": "Information Exposure\nAn issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-36" }, { "reference_url": "http://www.securityfocus.com/bid/94115", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94115" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6613", "reference_id": "CVE-2016-6613", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6613" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6613" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3va7-xx14-gkds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38281?format=api", "vulnerability_id": "VCID-44uc-xrvp-7bet", "summary": 
"Incomplete List of Disallowed Inputs\nAn issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-47" }, { "reference_url": "http://www.securityfocus.com/bid/92489", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92489" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6624", "reference_id": "CVE-2016-6624", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6624" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6624" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44uc-xrvp-7bet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38289?format=api", "vulnerability_id": "VCID-4avx-e9mf-2yb1", "summary": "Uncontrolled Resouce Consumption\nAn issue was discovered in phpMyAdmin. 
The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-41" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6618", "reference_id": "CVE-2016-6618", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6618" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6618" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4avx-e9mf-2yb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38034?format=api", "vulnerability_id": "VCID-4kax-4bpz-g7c5", "summary": "Covert Timing Channel\n`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.", "references": [ { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2041", "reference_id": "CVE-2016-2041", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2041" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/52548?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-2041" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38287?format=api", "vulnerability_id": "VCID-4vgu-cagj-hfhb", "summary": "Command Injection\nAn issue was discovered in phpMyAdmin. 
A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-32" }, { "reference_url": "http://www.securityfocus.com/bid/94112", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94112" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6609", "reference_id": "CVE-2016-6609", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6609" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6609" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vgu-cagj-hfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40500?format=api", "vulnerability_id": "VCID-4wn2-pnbv-sked", "summary": "Cross-site Scripting\nIn phpMyAdmin, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" }, { "reference_url": "http://www.securityfocus.com/bid/106181", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://www.securityfocus.com/bid/106181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970", "reference_id": "CVE-2018-19970", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57122?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajf6-bk2g-wkb7" }, { "vulnerability": "VCID-bd83-vf81-sfa4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" } ], "aliases": [ "CVE-2018-19970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wn2-pnbv-sked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40494?format=api", "vulnerability_id": "VCID-52xs-45kd-w3hz", "summary": "Information Exposure\nAn attacker can exploit phpMyAdmin to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. 
An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6/" }, { "reference_url": "http://www.securityfocus.com/bid/106178", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106178" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968", "reference_id": "CVE-2018-19968", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57122?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajf6-bk2g-wkb7" }, { "vulnerability": "VCID-bd83-vf81-sfa4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" } ], "aliases": [ "CVE-2018-19968" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52xs-45kd-w3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40645?format=api", "vulnerability_id": "VCID-ajf6-bk2g-wkb7", "summary": "Information Exposure\nWhen the `AllowArbitraryServer` configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. 
This is related to the `mysql.allow_local_infile` PHP configuration, and the inadvertent ignoring of `options(MYSQLI_OPT_LOCAL_INFILE` calls.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-1/" }, { "reference_url": "http://www.securityfocus.com/bid/106736", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106736" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6799", "reference_id": "CVE-2019-6799", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6799" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57378?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5" } ], "aliases": [ "CVE-2019-6799" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajf6-bk2g-wkb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44009?format=api", "vulnerability_id": "VCID-amgy-teas-euh5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html", "reference_id": "", "reference_type": 
"", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76" }, { "reference_url": "https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8326", "reference_id": "CVE-2014-8326", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8326" }, { "reference_url": "https://github.com/advisories/GHSA-pvr5-84gr-g985", "reference_id": "GHSA-pvr5-84gr-g985", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pvr5-84gr-g985" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63270?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B5" }, { "url": "http://public2.vulnerablecode.io/api/packages/63271?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B6", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B6" }, { "url": "http://public2.vulnerablecode.io/api/packages/63272?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.2.10%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.10%252B1" } ], "aliases": [ "CVE-2014-8326", "GHSA-pvr5-84gr-g985" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amgy-teas-euh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38678?format=api", "vulnerability_id": "VCID-btc1-yng3-ckhx", "summary": "Improper Input Validation\nphpMyAdmin is vulnerable to a DoS attack in the replication status by using a specially crafted table name.", "references": [ { "reference_url": "https://web.archive.org/web/20210123220317/http://www.securityfocus.com/bid/95738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210123220317/http://www.securityfocus.com/bid/95738" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-7" }, { "reference_url": "http://www.securityfocus.com/bid/95738", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95738" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000018", "reference_id": "CVE-2017-1000018", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000018" }, { "reference_url": "https://github.com/advisories/GHSA-47qr-f86f-3wm4", "reference_id": "GHSA-47qr-f86f-3wm4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-47qr-f86f-3wm4" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000018", "GHSA-47qr-f86f-3wm4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btc1-yng3-ckhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44158?format=api", "vulnerability_id": "VCID-cbjd-e3sk-m7bu", "summary": "Cross-Site Request Forgery (CSRF)\nAn issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. 
All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.", "references": [ { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-71", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-71" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9866", "reference_id": "CVE-2016-9866", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9866" }, { "reference_url": "https://github.com/advisories/GHSA-jvxx-8xxf-5495", "reference_id": "GHSA-jvxx-8xxf-5495", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jvxx-8xxf-5495" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53740?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23dq-w66r-k3bt" }, { "vulnerability": "VCID-38tp-acy8-57hj" }, { "vulnerability": "VCID-txba-1at4-ekg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B18" }, { "url": "http://public2.vulnerablecode.io/api/packages/53741?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23dq-w66r-k3bt" }, { "vulnerability": "VCID-38tp-acy8-57hj" }, { "vulnerability": "VCID-txba-1at4-ekg2" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B9" }, { "url": "http://public2.vulnerablecode.io/api/packages/53742?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.6.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23dq-w66r-k3bt" }, { "vulnerability": "VCID-38tp-acy8-57hj" }, { "vulnerability": "VCID-txba-1at4-ekg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.5" } ], "aliases": [ "CVE-2016-9866", "GHSA-jvxx-8xxf-5495" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38288?format=api", "vulnerability_id": "VCID-gmjk-222y-abda", "summary": "Information Exposure\nAn issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-48", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-48" }, { "reference_url": "http://www.securityfocus.com/bid/92491", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92491" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6625", "reference_id": "CVE-2016-6625", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6625" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6625" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gmjk-222y-abda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38279?format=api", "vulnerability_id": "VCID-gtps-py3z-13cu", "summary": "Code Injection\nAn issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-56" }, { "reference_url": "http://www.securityfocus.com/bid/92500", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92500" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6633", "reference_id": "CVE-2016-6633", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6633" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6633" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtps-py3z-13cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38274?format=api", "vulnerability_id": "VCID-jmn8-a5r9-2qc8", "summary": "Improper Input 
Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-45", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-45" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6622", "reference_id": "CVE-2016-6622", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6622" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6622" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmn8-a5r9-2qc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38149?format=api", "vulnerability_id": "VCID-k5ph-wws1-fqg4", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `examples/openid.php` in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.", "references": [ { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5731", "reference_id": 
"CVE-2016-5731", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5731" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-5731" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5ph-wws1-fqg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38285?format=api", "vulnerability_id": "VCID-mgu4-pf1x-r3dy", "summary": "Cross-site Scripting\nXSS issues were discovered in phpMyAdmin. This affects the database privilege check and the \"Remove partitioning\" functionality. 
Specially crafted database names can trigger the XSS attack.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6608", "reference_id": "CVE-2016-6608", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6608" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6608" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgu4-pf1x-r3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38278?format=api", "vulnerability_id": "VCID-n66y-s36g-fqck", "summary": "Improper Input Validation\nAn issue was discovered in phpMyAdmin. 
An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-65", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-65" }, { "reference_url": "http://www.securityfocus.com/bid/94525", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94525" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9860", "reference_id": "CVE-2016-9860", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9860" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-9860" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n66y-s36g-fqck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44063?format=api", "vulnerability_id": "VCID-n7cc-xfym-u7g4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.", "references": [ { "reference_url": 
"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac" }, { "reference_url": "https://security.gentoo.org/glsa/201505-03", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201505-03" }, { "reference_url": "https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6300", "reference_id": "CVE-2014-6300", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6300" }, { "reference_url": "https://github.com/advisories/GHSA-6wfj-2mw7-p5cg", "reference_id": "GHSA-6wfj-2mw7-p5cg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6wfj-2mw7-p5cg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63334?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/63335?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B4", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B4" }, { "url": "http://public2.vulnerablecode.io/api/packages/63336?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.2.8%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.8%252B1" } ], "aliases": [ "CVE-2014-6300", "GHSA-6wfj-2mw7-p5cg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7cc-xfym-u7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38283?format=api", "vulnerability_id": "VCID-nuju-ekmt-k7g9", "summary": "Improper Input Validation\nAn issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way that bypasses the servers defined by `ArbitraryServerRegexp`.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-52", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-52" }, { "reference_url": "http://www.securityfocus.com/bid/92493", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92493" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6629", "reference_id": "CVE-2016-6629", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6629" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nuju-ekmt-k7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38271?format=api", "vulnerability_id": "VCID-nv3j-xj42-wfcw", "summary": "Incomplete List of Disallowed Inputs\nAn issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-66", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-66" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9861", "reference_id": "CVE-2016-9861", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9861" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-9861" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv3j-xj42-wfcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39595?format=api", "vulnerability_id": "VCID-q45d-5bf4-tff5", "summary": "Improper Privilege Management\nAn issue was discovered in `libraries/common` which allows users who have no password set to log in even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to `false` (which is 
also the default).", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-8/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-8/" }, { "reference_url": "http://www.securityfocus.com/bid/97211", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97211" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18264", "reference_id": "CVE-2017-18264", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18264" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55421?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.1" } ], "aliases": [ "CVE-2017-18264" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q45d-5bf4-tff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38273?format=api", "vulnerability_id": "VCID-q7pe-bvr1-g3bc", "summary": "Cryptographic Issues\nAn issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported in which this value is created using a weak algorithm. 
This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-58", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-58" }, { "reference_url": "http://www.securityfocus.com/bid/94524", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94524" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9847", "reference_id": "CVE-2016-9847", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-9847" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q7pe-bvr1-g3bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38276?format=api", "vulnerability_id": "VCID-qqyb-zags-bbhz", "summary": "Incomplete Cleanup\nAn issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-55" }, { "reference_url": "http://www.securityfocus.com/bid/92497", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92497" }, 
{ "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6632", "reference_id": "CVE-2016-6632", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6632" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6632" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqyb-zags-bbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44163?format=api", "vulnerability_id": "VCID-r9sb-489v-fqc9", "summary": "phpMyAdmin Cryptographic Vulnerability\nThe suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3627" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1927", "reference_id": "CVE-2016-1927", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1927" }, { "reference_url": "https://github.com/advisories/GHSA-4gmg-gwjh-3mmr", "reference_id": "GHSA-4gmg-gwjh-3mmr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4gmg-gwjh-3mmr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63530?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B13" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/52543?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hvw-4h4d-zkhv" }, { "vulnerability": "VCID-4kax-4bpz-g7c5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52575?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b6ng-ygap-zqh4" }, { "vulnerability": "VCID-pfdk-db4h-47dx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.4" } ], "aliases": [ "CVE-2016-1927", "GHSA-4gmg-gwjh-3mmr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sb-489v-fqc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38280?format=api", "vulnerability_id": "VCID-rz6q-hthe-1uer", "summary": "Information Exposure\nAn issue was discovered in phpMyAdmin. 
A user can exploit the \"LOAD LOCAL INFILE\" functionality to expose files on the server to the database system.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-35", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-35" }, { "reference_url": "http://www.securityfocus.com/bid/94113", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/94113" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6612", "reference_id": "CVE-2016-6612", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6612" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6612" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6q-hthe-1uer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43887?format=api", "vulnerability_id": "VCID-tvfz-v881-sufp", "summary": "phpMyAdmin Denial Of Service (DOS) attack\njs/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.", "references": [ { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": 
"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1" }, { "reference_url": "https://security.gentoo.org/glsa/201701-32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-32" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-22" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5706", "reference_id": "CVE-2016-5706", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5706" }, { "reference_url": "https://github.com/advisories/GHSA-9rmm-8fp4-26hv", "reference_id": "GHSA-9rmm-8fp4-26hv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9rmm-8fp4-26hv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63059?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B16" }, { "url": "http://public2.vulnerablecode.io/api/packages/63060?format=api", "purl": 
"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B7" }, { "url": "http://public2.vulnerablecode.io/api/packages/52993?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3va7-xx14-gkds" }, { "vulnerability": "VCID-44uc-xrvp-7bet" }, { "vulnerability": "VCID-4avx-e9mf-2yb1" }, { "vulnerability": "VCID-4vgu-cagj-hfhb" }, { "vulnerability": "VCID-gmjk-222y-abda" }, { "vulnerability": "VCID-gtps-py3z-13cu" }, { "vulnerability": "VCID-jmn8-a5r9-2qc8" }, { "vulnerability": "VCID-mgu4-pf1x-r3dy" }, { "vulnerability": "VCID-nuju-ekmt-k7g9" }, { "vulnerability": "VCID-q7pe-bvr1-g3bc" }, { "vulnerability": "VCID-qqyb-zags-bbhz" }, { "vulnerability": "VCID-rz6q-hthe-1uer" }, { "vulnerability": "VCID-xqf5-yxf3-u3he" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.3" } ], "aliases": [ "CVE-2016-5706", "GHSA-9rmm-8fp4-26hv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfz-v881-sufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38679?format=api", "vulnerability_id": "VCID-txba-1at4-ekg2", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nphpMyAdmin is vulnerable to an open redirect weakness.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-1" }, { "reference_url": "http://www.securityfocus.com/bid/95720", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000013", 
"reference_id": "CVE-2017-1000013", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000013" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38272?format=api", "vulnerability_id": "VCID-xqf5-yxf3-u3he", "summary": "Cross-site Scripting\nAn issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2016-51", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2016-51" }, { "reference_url": "http://www.securityfocus.com/bid/92492", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/92492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6628", "reference_id": "CVE-2016-6628", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2016-6628" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqf5-yxf3-u3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38685?format=api", "vulnerability_id": "VCID-zvcj-g6rt-s3de", "summary": "Server-Side Request Forgery (SSRF)\nphpMyAdmin is vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server.", "references": [ { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2017-6" }, { "reference_url": "http://www.securityfocus.com/bid/95732", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95732" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000017", "reference_id": "CVE-2017-1000017", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000017" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000017" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvcj-g6rt-s3de" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.0" }