Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44004?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44004?format=api", "vulnerability_id": "VCID-92xz-8fkp-ekh3", "summary": "phpMyAdmin Directory Traversal vulnerability\nDirectory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.", "aliases": [ { "alias": "CVE-2011-2508" }, { "alias": "GHSA-q6vw-39cg-wjjf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123176?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:3.4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123057?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47ju-f89a-eud8" }, { "vulnerability": "VCID-d3qn-js1p-7yeq" }, { "vulnerability": "VCID-dmqy-9xth-cuhs" }, { "vulnerability": "VCID-gx8h-5h14-dqez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123055?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gx8h-5h14-dqez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123059?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.2-really%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123058?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/190527?format=api", "purl": "pkg:ebuild/dev-db/phpmyadmin@3.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/phpmyadmin@3.4.9" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63263?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8amg-r4d1-kubh" }, { "vulnerability": "VCID-92xz-8fkp-ekh3" }, { "vulnerability": "VCID-zb95-sn9m-r3bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63264?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6r4m-kxj7-ybb6" }, { "vulnerability": "VCID-8amg-r4d1-kubh" }, { "vulnerability": "VCID-92xz-8fkp-ekh3" }, { "vulnerability": "VCID-ntmf-36f1-e3fg" }, { "vulnerability": "VCID-qnf5-aays-qkf1" }, { "vulnerability": "VCID-zb95-sn9m-r3bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.0" } ], "references": [ { "reference_url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html" }, { "reference_url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7" }, { "reference_url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11174", "scoring_system": "epss", "scoring_elements": "0.93632", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2508" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin" }, { "reference_url": "https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" }, { "reference_url": "https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008" }, { "reference_url": "https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306" }, { "reference_url": "https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2286", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2286" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/28/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/28/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2508", "reference_id": "CVE-2011-2508", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2508" }, { "reference_url": "https://github.com/advisories/GHSA-q6vw-39cg-wjjf", "reference_id": "GHSA-q6vw-39cg-wjjf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q6vw-39cg-wjjf" }, { "reference_url": "https://security.gentoo.org/glsa/201201-01", "reference_id": "GLSA-201201-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-01" } ], "weaknesses": [ { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-92xz-8fkp-ekh3" }