Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/44031?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44031?format=api", "vulnerability_id": "VCID-qnf5-aays-qkf1", "summary": "Improper Control of Generation of Code ('Code Injection')\nlibraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a \"remote variable manipulation vulnerability.\"", "aliases": [ { "alias": "CVE-2011-2505" }, { "alias": "GHSA-vqcm-r62w-w437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123176?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:3.4.3.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.3.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123057?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-47ju-f89a-eud8" }, { "vulnerability": "VCID-d3qn-js1p-7yeq" }, { "vulnerability": "VCID-dmqy-9xth-cuhs" }, { "vulnerability": "VCID-gx8h-5h14-dqez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123055?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gx8h-5h14-dqez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123059?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.2-really%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123058?format=api", "purl": "pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/190527?format=api", "purl": "pkg:ebuild/dev-db/phpmyadmin@3.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/phpmyadmin@3.4.9" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61862?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6r4m-kxj7-ybb6" }, { "vulnerability": "VCID-cyv1-muwx-83h8" }, { "vulnerability": "VCID-qnf5-aays-qkf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63264?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@3.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6r4m-kxj7-ybb6" }, { "vulnerability": "VCID-8amg-r4d1-kubh" }, { "vulnerability": "VCID-92xz-8fkp-ekh3" }, { "vulnerability": "VCID-ntmf-36f1-e3fg" }, { "vulnerability": "VCID-qnf5-aays-qkf1" }, { "vulnerability": "VCID-zb95-sn9m-r3bu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.0" } ], "references": [ { "reference_url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37008", "scoring_system": "epss", "scoring_elements": "0.97245", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2505" }, { "reference_url": "http://securityreason.com/securityalert/8306", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securityreason.com/securityalert/8306" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967" }, { "reference_url": "https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" }, { "reference_url": "https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2286", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2286" }, { "reference_url": "http://www.exploit-db.com/exploits/17514", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.exploit-db.com/exploits/17514" }, { "reference_url": "http://www.exploit-db.com/exploits/17514/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.exploit-db.com/exploits/17514/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/28/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/28/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/28/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/06/29/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11" }, { "reference_url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2505", "reference_id": "CVE-2011-2505", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2505" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py", "reference_id": "CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php", "reference_id": "CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php" }, { "reference_url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt", "reference_id": "CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611", "reference_type": "exploit", "scores": [], "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt" }, { "reference_url": "https://github.com/advisories/GHSA-vqcm-r62w-w437", "reference_id": "GHSA-vqcm-r62w-w437", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vqcm-r62w-w437" }, { "reference_url": "https://security.gentoo.org/glsa/201201-01", "reference_id": "GLSA-201201-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-01" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 94, "name": "Improper Control of Generation of Code ('Code Injection')", "description": "The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment." } ], "exploits": [ { "date_added": "2011-07-08", "description": "phpMyAdmin3 (pma3) - Remote Code Execution", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2011-07-08", "exploit_type": "webapps", "platform": "php", "source_date_updated": "2011-07-24", "data_source": "Exploit-DB", "source_url": "" } ], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnf5-aays-qkf1" }