Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53739?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53739?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.5", "type": "composer", "namespace": "phpmyadmin", "name": "phpmyadmin", "version": "4.0.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.9.8", "latest_non_vulnerable_version": "5.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38671?format=api", "vulnerability_id": "VCID-23dq-w66r-k3bt", "summary": "Cross-site Scripting\nphpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68533", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000015" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://web.archive.org/web/20210123220229/http://www.securityfocus.com/bid/95726", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123220229/http://www.securityfocus.com/bid/95726" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2017-4" }, { "reference_url": "http://www.securityfocus.com/bid/95726", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000015", "reference_id": "CVE-2017-1000015", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63180?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B19" }, { "url": "http://public2.vulnerablecode.io/api/packages/53791?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-zvcj-g6rt-s3de" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53792?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-zvcj-g6rt-s3de" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-4wn2-pnbv-sked" }, { "vulnerability": "VCID-52xs-45kd-w3hz" }, { "vulnerability": "VCID-5dd1-nzdy-zfez" }, { "vulnerability": "VCID-8rvw-n1fg-ffc2" }, { "vulnerability": "VCID-ajf6-bk2g-wkb7" }, { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-bd83-vf81-sfa4" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-kfr7-v6tb-eqau" }, { "vulnerability": "VCID-mzuh-5e5y-d3hr" }, { "vulnerability": "VCID-p1jn-sxds-mqd1" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-q7rn-1612-quau" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" }, { "vulnerability": "VCID-rx9z-rdmm-5fg6" }, { "vulnerability": "VCID-w6nk-akeh-4ufg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000015", "GHSA-3fgq-cmr4-97rr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52411?format=api", "vulnerability_id": "VCID-2at1-y3qg-77fb", "summary": "Cross-site Scripting\nAn SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in `tbl_get_field.php` and `libraries/classes/Display/Results.php`). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02712", "scoring_system": "epss", "scoring_elements": "0.86191", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10803" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-4" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666", "reference_id": "954666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10803", "reference_id": "CVE-2020-10803", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10803" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76942?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/63727?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" }, { "vulnerability": "VCID-wdn3-x8u3-wycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10803", "GHSA-fcww-8wvc-38q9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2at1-y3qg-77fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52413?format=api", "vulnerability_id": "VCID-32ja-yuuw-bbbh", "summary": "SQL Injection\nAn SQL injection vulnerability was found in retrieval of the current username (in `libraries/classes/Server/Privileges.php` and `libraries/classes/UserPassword.php`). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01913", "scoring_system": "epss", "scoring_elements": "0.83633", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10804" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-2" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667", "reference_id": "954667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10804", "reference_id": "CVE-2020-10804", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10804" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76942?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/63727?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" }, { "vulnerability": "VCID-wdn3-x8u3-wycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10804", "GHSA-h65r-8fp8-w7cx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32ja-yuuw-bbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38682?format=api", "vulnerability_id": "VCID-38tp-acy8-57hj", "summary": "Improper Input Validation\nphpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01144", "scoring_system": "epss", "scoring_elements": "0.78784", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000014" }, { "reference_url": "https://web.archive.org/web/20210123220105/http://www.securityfocus.com/bid/95721", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123220105/http://www.securityfocus.com/bid/95721" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2017-3" }, { "reference_url": "http://www.securityfocus.com/bid/95721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95721" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000014", "reference_id": "CVE-2017-1000014", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000014" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63180?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B19" }, { "url": "http://public2.vulnerablecode.io/api/packages/53791?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-zvcj-g6rt-s3de" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53792?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-zvcj-g6rt-s3de" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-4wn2-pnbv-sked" }, { "vulnerability": "VCID-52xs-45kd-w3hz" }, { "vulnerability": "VCID-5dd1-nzdy-zfez" }, { "vulnerability": "VCID-8rvw-n1fg-ffc2" }, { "vulnerability": "VCID-ajf6-bk2g-wkb7" }, { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-bd83-vf81-sfa4" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-kfr7-v6tb-eqau" }, { "vulnerability": "VCID-mzuh-5e5y-d3hr" }, { "vulnerability": "VCID-p1jn-sxds-mqd1" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-q7rn-1612-quau" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" }, { "vulnerability": "VCID-rx9z-rdmm-5fg6" }, { "vulnerability": "VCID-w6nk-akeh-4ufg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000014", "GHSA-9hrc-rwrq-v6mh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52410?format=api", "vulnerability_id": "VCID-dx3h-z4dg-m3e1", "summary": "SQL Injection\nIn phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in `libraries/classes/Controllers/Table/TableSearchController.php`. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01229", "scoring_system": "epss", "scoring_elements": "0.79495", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10802" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-3" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-3/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665", "reference_id": "954665", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10802", "reference_id": "CVE-2020-10802", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76942?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/63727?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" }, { "vulnerability": "VCID-wdn3-x8u3-wycp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10802", "GHSA-f4cr-3xmc-2wpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx3h-z4dg-m3e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53759?format=api", "vulnerability_id": "VCID-j2k3-xghw-gfb3", "summary": "Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin may allow CSV injection via Export Section. NOTE: the vendor disputes this because \"the CSV file is accurately generated based on the database contents\".", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.6157", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22278", "reference_id": "CVE-2020-22278", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78929?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3" } ], "aliases": [ "CVE-2020-22278" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2k3-xghw-gfb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52056?format=api", "vulnerability_id": "VCID-kfr7-v6tb-eqau", "summary": "SQL Injection\nA crafted database/table name can be used to trigger a SQL injection attack through the designer feature.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68503", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18622" }, { "reference_url": "https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH" }, { "reference_url": "https://security.gentoo.org/glsa/202003-39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202003-39" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-5" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-5/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349", "reference_id": "945349", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18622", "reference_id": "CVE-2019-18622", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18622" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76289?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63726?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-59mu-8aep-9ycn" }, { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-m2g6-2ztp-tuam" }, { "vulnerability": "VCID-m3kq-1cfg-mkgc" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-18622", "GHSA-jgjc-332c-8cmc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfr7-v6tb-eqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52077?format=api", "vulnerability_id": "VCID-mzuh-5e5y-d3hr", "summary": "Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php` and `libraries/classes/Footer.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77304", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19617" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html" }, { "reference_url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released" }, { "reference_url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19617", "reference_id": "CVE-2019-19617", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19617" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76289?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2" } ], "aliases": [ "CVE-2019-19617", "GHSA-pgph-mc4p-f8c3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzuh-5e5y-d3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38679?format=api", "vulnerability_id": "VCID-txba-1at4-ekg2", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nphpMyAdmin is vulnerable to an open redirect weakness.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47182", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000013" }, { "reference_url": "https://web.archive.org/web/20210123220100/http://www.securityfocus.com/bid/95720", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123220100/http://www.securityfocus.com/bid/95720" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2017-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2017-1" }, { "reference_url": "http://www.securityfocus.com/bid/95720", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000013", "reference_id": "CVE-2017-1000013", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63180?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B19" }, { "url": "http://public2.vulnerablecode.io/api/packages/53791?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-zvcj-g6rt-s3de" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53792?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-zvcj-g6rt-s3de" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/52549?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-4wn2-pnbv-sked" }, { "vulnerability": "VCID-52xs-45kd-w3hz" }, { "vulnerability": "VCID-5dd1-nzdy-zfez" }, { "vulnerability": "VCID-8rvw-n1fg-ffc2" }, { "vulnerability": "VCID-ajf6-bk2g-wkb7" }, { "vulnerability": "VCID-axtb-1njj-rbb4" }, { "vulnerability": "VCID-bd83-vf81-sfa4" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-kfr7-v6tb-eqau" }, { "vulnerability": "VCID-mzuh-5e5y-d3hr" }, { "vulnerability": "VCID-p1jn-sxds-mqd1" }, { "vulnerability": "VCID-q45d-5bf4-tff5" }, { "vulnerability": "VCID-q7rn-1612-quau" }, { "vulnerability": "VCID-r4zz-m2mr-9qeb" }, { "vulnerability": "VCID-rx9z-rdmm-5fg6" }, { "vulnerability": "VCID-w6nk-akeh-4ufg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0" } ], "aliases": [ "CVE-2017-1000013", "GHSA-5h5m-fj48-qpjw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51809?format=api", "vulnerability_id": "VCID-w6nk-akeh-4ufg", "summary": "Cross-Site Request Forgery (CSRF)\nA CSRF issue in phpMyAdmin allows deletion of any server in the Setup page.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31957", "scoring_system": "epss", "scoring_elements": "0.96908", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12922" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/23" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN" }, { "reference_url": "https://www.exploit-db.com/exploits/47385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/47385" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt", "reference_id": "CVE-2019-12922", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12922", "reference_id": "CVE-2019-12922", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12922" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75956?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-kfr7-v6tb-eqau" }, { "vulnerability": "VCID-mzuh-5e5y-d3hr" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63726?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-59mu-8aep-9ycn" }, { "vulnerability": "VCID-b2nf-6pr3-xqaa" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-m2g6-2ztp-tuam" }, { "vulnerability": "VCID-m3kq-1cfg-mkgc" }, { "vulnerability": "VCID-qmj2-pxvt-zqes" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-12922", "GHSA-4c9q-64gq-xhx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6nk-akeh-4ufg" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.5" }