Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63540?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63540?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.0", "type": "composer", "namespace": "phpmyadmin", "name": "phpmyadmin", "version": "3.5.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.9.11", "latest_non_vulnerable_version": "5.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98116?format=api", "vulnerability_id": "VCID-dp72-nvcf-nyfd", "summary": "phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.94014", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.94006", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.94015", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3239" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3239", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3239" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php" }, { "reference_url": "https://github.com/advisories/GHSA-gg36-9346-9qx9", "reference_id": "GHSA-gg36-9346-9qx9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gg36-9346-9qx9" }, { "reference_url": "https://security.gentoo.org/glsa/201311-02", "reference_id": "GLSA-201311-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152930?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.8%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.8%252B1" } ], "aliases": [ "CVE-2013-3239", "GHSA-gg36-9346-9qx9" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dp72-nvcf-nyfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98112?format=api", "vulnerability_id": "VCID-jrxc-3ybk-bba7", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43186", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43206", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43123", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43198", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5339" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5339", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5339" }, { "reference_url": "https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php" }, { "reference_url": "https://github.com/advisories/GHSA-rfpg-2fp8-2fph", "reference_id": "GHSA-rfpg-2fp8-2fph", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rfpg-2fp8-2fph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150418?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.3" } ], "aliases": [ "CVE-2012-5339", "GHSA-rfpg-2fp8-2fph" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrxc-3ybk-bba7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98110?format=api", "vulnerability_id": "VCID-rht1-ecwp-aqe7", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43285", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43368", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43344", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4345", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4345" }, { "reference_url": "https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php" }, { "reference_url": "https://github.com/advisories/GHSA-r3pq-mp8v-cp33", "reference_id": "GHSA-r3pq-mp8v-cp33", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r3pq-mp8v-cp33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63544?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.2%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.2%252B2" } ], "aliases": [ "CVE-2012-4345", "GHSA-r3pq-mp8v-cp33" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rht1-ecwp-aqe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98113?format=api", "vulnerability_id": "VCID-u51r-f4uz-myhh", "summary": "phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62587", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62596", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62542", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62588", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5368" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5368", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5368" }, { "reference_url": "https://web.archive.org/web/20200228143700/http://www.securityfocus.com/bid/55939", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228143700/http://www.securityfocus.com/bid/55939" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php" }, { "reference_url": "https://github.com/advisories/GHSA-xpxp-v33m-5jp9", "reference_id": "GHSA-xpxp-v33m-5jp9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xpxp-v33m-5jp9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150418?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.3" } ], "aliases": [ "CVE-2012-5368", "GHSA-xpxp-v33m-5jp9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u51r-f4uz-myhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44176?format=api", "vulnerability_id": "VCID-u8sc-gk1h-gkhc", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4579", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40004", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40086", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40088", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4006", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4579", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4579" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4579", "reference_id": "CVE-2012-4579", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4579" }, { "reference_url": "https://github.com/advisories/GHSA-q7v2-w38r-pv7v", "reference_id": "GHSA-q7v2-w38r-pv7v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q7v2-w38r-pv7v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63544?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.2%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.2%252B2" } ], "aliases": [ "CVE-2012-4579", "GHSA-q7v2-w38r-pv7v" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8sc-gk1h-gkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44170?format=api", "vulnerability_id": "VCID-v6xv-djkp-4kgw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49863", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49925", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49935", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00263", "scoring_system": "epss", "scoring_elements": "0.49916", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4997" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4997", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4997" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4997", "reference_id": "CVE-2013-4997", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4997" }, { "reference_url": "https://github.com/advisories/GHSA-5gh4-v2ch-pcx4", "reference_id": "GHSA-5gh4-v2ch-pcx4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5gh4-v2ch-pcx4" }, { "reference_url": "https://security.gentoo.org/glsa/201311-02", "reference_id": "GLSA-201311-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63541?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.8%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.8%252B2" } ], "aliases": [ "CVE-2013-4997", "GHSA-5gh4-v2ch-pcx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6xv-djkp-4kgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98127?format=api", "vulnerability_id": "VCID-ww5r-71kf-tfgr", "summary": "Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43285", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43368", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43344", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4996" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5002", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5002" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php" }, { "reference_url": "https://github.com/advisories/GHSA-p632-5w74-x8xx", "reference_id": "GHSA-p632-5w74-x8xx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p632-5w74-x8xx" }, { "reference_url": "https://security.gentoo.org/glsa/201311-02", "reference_id": "GLSA-201311-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63541?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.5.8%2B2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.8%252B2" }, { "url": "http://public2.vulnerablecode.io/api/packages/241051?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-282b-1ugg-yuev" }, { "vulnerability": "VCID-2at1-y3qg-77fb" }, { "vulnerability": "VCID-32ja-yuuw-bbbh" }, { "vulnerability": "VCID-7vpu-x9mb-q3c6" }, { "vulnerability": "VCID-a94q-k98a-6qbw" }, { "vulnerability": "VCID-amgy-teas-euh5" }, { "vulnerability": "VCID-cbjd-e3sk-m7bu" }, { "vulnerability": "VCID-d3qn-js1p-7yeq" }, { "vulnerability": "VCID-dx3h-z4dg-m3e1" }, { "vulnerability": "VCID-j2k3-xghw-gfb3" }, { "vulnerability": "VCID-kfr7-v6tb-eqau" }, { "vulnerability": "VCID-m54t-23nu-3kaa" }, { "vulnerability": "VCID-mzuh-5e5y-d3hr" }, { "vulnerability": "VCID-n7cc-xfym-u7g4" }, { "vulnerability": "VCID-r9sb-489v-fqc9" }, { "vulnerability": "VCID-tvfz-v881-sufp" }, { "vulnerability": "VCID-w6nk-akeh-4ufg" }, { "vulnerability": "VCID-zyes-82y3-g7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/53738?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.0.4%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23dq-w66r-k3bt" }, { "vulnerability": "VCID-38tp-acy8-57hj" }, { "vulnerability": "VCID-txba-1at4-ekg2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.4%252B2" } ], "aliases": [ "CVE-2013-5002", "GHSA-p632-5w74-x8xx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ww5r-71kf-tfgr" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.0" }