Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/994405?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "type": "deb", "namespace": "debian", "name": "phpmyadmin", "version": "4:5.2.1+dfsg-1+deb12u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4:5.2.2-really+dfsg-1+deb13u1", "latest_non_vulnerable_version": "4:5.2.2-really+dfsg-1+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25414?format=api", "vulnerability_id": "VCID-zd8d-c1nk-g7a4", "summary": "jquery-validation vulnerable to Cross-site Scripting\nVersions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47999", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47952", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53007", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53045", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53083", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.5309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53038", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53047", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation/pull/2462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation/pull/2462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3573" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445", "reference_id": "1103445", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134", "reference_id": "1104134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135", "reference_id": "1104135", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136", "reference_id": "1104136", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359682", "reference_id": "2359682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359682" }, { "reference_url": "https://github.com/advisories/GHSA-rrj2-ph5q-jxw2", "reference_id": "GHSA-rrj2-ph5q-jxw2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrj2-ph5q-jxw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1057174?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.2-really%252Bdfsg-1%252Bdeb13u1" } ], "aliases": [ "CVE-2025-3573", "GHSA-rrj2-ph5q-jxw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd8d-c1nk-g7a4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96562?format=api", "vulnerability_id": "VCID-2wka-nyka-9fbz", "summary": "An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39249", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39645", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39562", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39616", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3964", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39604", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39638", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39526", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39346", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24529" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2025-2/", "reference_id": "PMASA-2025-2", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T15:02:51Z/" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2025-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd8d-c1nk-g7a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-24529" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wka-nyka-9fbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25858?format=api", "vulnerability_id": "VCID-araw-4wdy-hqcz", "summary": "phpMyAdmin XSS when checking tables\nAn issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41284", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41541", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41569", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41495", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41553", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41575", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41542", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41547", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41472", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41366", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41361", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24530" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24530", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24530" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2025-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2025-1" }, { "reference_url": "https://github.com/advisories/GHSA-222v-cx2c-q2f5", "reference_id": "GHSA-222v-cx2c-q2f5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-222v-cx2c-q2f5" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2025-1/", "reference_id": "PMASA-2025-1", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T15:02:00Z/" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2025-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd8d-c1nk-g7a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" } ], "aliases": [ "CVE-2025-24530", "GHSA-222v-cx2c-q2f5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-araw-4wdy-hqcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12342?format=api", "vulnerability_id": "VCID-na3j-h3qr-k7dc", "summary": "Improper Authentication\nAn issue was discovered in phpMyAdm. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34666", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35014", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35085", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35089", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35055", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.3503", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35068", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35053", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35008", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34776", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34757", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.35135", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23807" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32" }, { "reference_url": "https://security.gentoo.org/glsa/202311-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202311-17" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2022-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2022-1" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2022-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2022-1/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23807", "reference_id": "CVE-2022-23807", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23807" }, { "reference_url": "https://github.com/advisories/GHSA-8wf2-3ggj-78q9", "reference_id": "GHSA-8wf2-3ggj-78q9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wf2-3ggj-78q9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd8d-c1nk-g7a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" } ], "aliases": [ "CVE-2022-23807", "GHSA-8wf2-3ggj-78q9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-na3j-h3qr-k7dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12337?format=api", "vulnerability_id": "VCID-ndjn-p6gb-u7g4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4879", "scoring_system": "epss", "scoring_elements": "0.97765", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.4879", "scoring_system": "epss", "scoring_elements": "0.97774", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.4879", "scoring_system": "epss", "scoring_elements": "0.97769", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.4879", "scoring_system": "epss", "scoring_elements": "0.97768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98597", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98601", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98603", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98605", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98606", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.98609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.68413", "scoring_system": "epss", "scoring_elements": "0.9861", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23808" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38" }, { "reference_url": "https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:03Z/" } ], "url": "https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97" }, { "reference_url": "https://security.gentoo.org/glsa/202311-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:03Z/" } ], "url": "https://security.gentoo.org/glsa/202311-17" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2022-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2022-2" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2022-2/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:03Z/" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2022-2/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23808", "reference_id": "CVE-2022-23808", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23808" }, { "reference_url": "https://github.com/advisories/GHSA-vcwc-6mr9-8m7c", "reference_id": "GHSA-vcwc-6mr9-8m7c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcwc-6mr9-8m7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd8d-c1nk-g7a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" } ], "aliases": [ "CVE-2022-23808", "GHSA-vcwc-6mr9-8m7c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndjn-p6gb-u7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13228?format=api", "vulnerability_id": "VCID-rqy8-n6fr-hqey", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nPhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54787", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54811", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54863", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54908", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63007", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.62955", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63058", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63055", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202311-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202311-17" }, { "reference_url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information" }, { "reference_url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released" }, { "reference_url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813", "reference_id": "CVE-2022-0813", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813" }, { "reference_url": "https://github.com/advisories/GHSA-vx8q-j7h9-vf6q", "reference_id": "GHSA-vx8q-j7h9-vf6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx8q-j7h9-vf6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd8d-c1nk-g7a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" } ], "aliases": [ "CVE-2022-0813", "GHSA-vx8q-j7h9-vf6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqy8-n6fr-hqey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16445?format=api", "vulnerability_id": "VCID-ym9b-4su6-6fbr", "summary": "Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin\nIn phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09535", "scoring_system": "epss", "scoring_elements": "0.92872", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.09535", "scoring_system": "epss", "scoring_elements": "0.92867", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93423", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93438", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93428", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93405", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93451", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.9345", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2023-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2023-1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25727", "reference_id": "CVE-2023-25727", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25727" }, { "reference_url": "https://github.com/advisories/GHSA-6hr3-44gx-g6wh", "reference_id": "GHSA-6hr3-44gx-g6wh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hr3-44gx-g6wh" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2023-1/", "reference_id": "PMASA-2023-1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994405?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd8d-c1nk-g7a4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" } ], "aliases": [ "CVE-2023-25727", "GHSA-6hr3-44gx-g6wh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ym9b-4su6-6fbr" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1" }