Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B18
Typecomposer
Namespacephpmyadmin
Namephpmyadmin
Version4.0.10+18
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.0.10+19
Latest_non_vulnerable_version5.2.1
Affected_by_vulnerabilities
0
url VCID-23dq-w66r-k3bt
vulnerability_id VCID-23dq-w66r-k3bt
summary 
Cross-site Scripting
phpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.
references
0
reference_url https://www.phpmyadmin.net/security/PMASA-2017-4
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2017-4
1
reference_url http://www.securityfocus.com/bid/95726
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95726
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000015
reference_id CVE-2017-1000015
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000015
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.7.0
purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axtb-1njj-rbb4
1
vulnerability VCID-q45d-5bf4-tff5
2
vulnerability VCID-r4zz-m2mr-9qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0
aliases CVE-2017-1000015
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt
1
url VCID-38tp-acy8-57hj
vulnerability_id VCID-38tp-acy8-57hj
summary 
Improper Input Validation
phpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.
references
0
reference_url https://www.phpmyadmin.net/security/PMASA-2017-3
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2017-3
1
reference_url http://www.securityfocus.com/bid/95721
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95721
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000014
reference_id CVE-2017-1000014
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000014
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.7.0
purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axtb-1njj-rbb4
1
vulnerability VCID-q45d-5bf4-tff5
2
vulnerability VCID-r4zz-m2mr-9qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0
aliases CVE-2017-1000014
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj
2
url VCID-txba-1at4-ekg2
vulnerability_id VCID-txba-1at4-ekg2
summary 
URL Redirection to Untrusted Site (Open Redirect)
phpMyAdmin is vulnerable to an open redirect weakness.
references
0
reference_url https://www.phpmyadmin.net/security/PMASA-2017-1
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2017-1
1
reference_url http://www.securityfocus.com/bid/95720
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95720
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000013
reference_id CVE-2017-1000013
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000013
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.7.0
purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-axtb-1njj-rbb4
1
vulnerability VCID-q45d-5bf4-tff5
2
vulnerability VCID-r4zz-m2mr-9qeb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0
aliases CVE-2017-1000013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2
Fixing_vulnerabilities
0
url VCID-cbjd-e3sk-m7bu
vulnerability_id VCID-cbjd-e3sk-m7bu
summary 
Cross-Site Request Forgery (CSRF)
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
references
0
reference_url https://security.gentoo.org/glsa/201701-32
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201701-32
1
reference_url https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536
reference_id
reference_type
scores
url https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536
2
reference_url https://www.phpmyadmin.net/security/PMASA-2016-71
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2016-71
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9866
reference_id CVE-2016-9866
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-9866
4
reference_url https://github.com/advisories/GHSA-jvxx-8xxf-5495
reference_id GHSA-jvxx-8xxf-5495
reference_type
scores
url https://github.com/advisories/GHSA-jvxx-8xxf-5495
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B18
purl pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23dq-w66r-k3bt
1
vulnerability VCID-38tp-acy8-57hj
2
vulnerability VCID-txba-1at4-ekg2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B18
1
url pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B9
purl pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23dq-w66r-k3bt
1
vulnerability VCID-38tp-acy8-57hj
2
vulnerability VCID-txba-1at4-ekg2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B9
2
url pkg:composer/phpmyadmin/phpmyadmin@4.6.5
purl pkg:composer/phpmyadmin/phpmyadmin@4.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23dq-w66r-k3bt
1
vulnerability VCID-38tp-acy8-57hj
2
vulnerability VCID-txba-1at4-ekg2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.5
aliases CVE-2016-9866, GHSA-jvxx-8xxf-5495
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B18