VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.6.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-b5d2-5bfb-bbgz Aliases: CVE-2017-1000017 GHSA-99xj-xqc9-98hr	Server-Side Request Forgery (SSRF) phpMyAdmin is vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server.	4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hnud-ktgb-dfe6 Aliases: CVE-2017-18264 GHSA-5868-g58j-vrj5	Improper Privilege Management An issue was discovered in `libraries/common` which allows users who have no password set to log in even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to `false` (which is also the default).	4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.1 Affected by 21 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-b5d2-5bfb-bbgz
Aliases:
CVE-2017-1000017
GHSA-99xj-xqc9-98hr

Server-Side Request Forgery (SSRF) phpMyAdmin is vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server.

4.7.0
Affected by 22 other vulnerabilities.

VCID-hnud-ktgb-dfe6
Aliases:
CVE-2017-18264
GHSA-5868-g58j-vrj5

Improper Privilege Management An issue was discovered in `libraries/common` which allows users who have no password set to log in even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to `false` (which is also the default).

4.7.0
Affected by 22 other vulnerabilities.

4.7.1
Affected by 21 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:18.606506+00:00	GHSA Importer	Fixing	VCID-4awg-qnjf-4ua5	https://github.com/advisories/GHSA-j2cq-h6v2-f875	38.1.0
2026-04-04T14:30:54.303428+00:00	GHSA Importer	Fixing	VCID-7n1n-uj91-8ugg	https://github.com/advisories/GHSA-44vv-mm86-7cg6	38.1.0
2026-04-04T14:30:30.585706+00:00	GHSA Importer	Fixing	VCID-uw6h-fpzy-x3ap	https://github.com/advisories/GHSA-5h5m-fj48-qpjw	38.1.0
2026-04-04T14:30:30.555142+00:00	GHSA Importer	Fixing	VCID-zreq-41ja-pbf1	https://github.com/advisories/GHSA-9hrc-rwrq-v6mh	38.1.0
2026-04-04T14:30:30.521062+00:00	GHSA Importer	Fixing	VCID-7h9b-a8dp-57hp	https://github.com/advisories/GHSA-3fgq-cmr4-97rr	38.1.0
2026-04-04T14:30:30.468130+00:00	GHSA Importer	Fixing	VCID-24e9-fnt7-jqdu	https://github.com/advisories/GHSA-47qr-f86f-3wm4	38.1.0
2026-04-04T14:30:28.031996+00:00	GHSA Importer	Fixing	VCID-b5d2-5bfb-bbgz	https://github.com/advisories/GHSA-99xj-xqc9-98hr	38.1.0
2026-04-01T16:01:40.243708+00:00	GHSA Importer	Affected by	VCID-hnud-ktgb-dfe6	https://github.com/advisories/GHSA-5868-g58j-vrj5	38.0.0
2026-04-01T13:11:52.819758+00:00	GithubOSV Importer	Fixing	VCID-4awg-qnjf-4ua5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j2cq-h6v2-f875/GHSA-j2cq-h6v2-f875.json	38.0.0
2026-04-01T13:11:11.808067+00:00	GithubOSV Importer	Fixing	VCID-7h9b-a8dp-57hp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3fgq-cmr4-97rr/GHSA-3fgq-cmr4-97rr.json	38.0.0
2026-04-01T13:09:22.494022+00:00	GithubOSV Importer	Fixing	VCID-b5d2-5bfb-bbgz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-99xj-xqc9-98hr/GHSA-99xj-xqc9-98hr.json	38.0.0
2026-04-01T13:08:39.609263+00:00	GithubOSV Importer	Fixing	VCID-zreq-41ja-pbf1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hrc-rwrq-v6mh/GHSA-9hrc-rwrq-v6mh.json	38.0.0
2026-04-01T13:08:33.367994+00:00	GithubOSV Importer	Fixing	VCID-24e9-fnt7-jqdu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47qr-f86f-3wm4/GHSA-47qr-f86f-3wm4.json	38.0.0
2026-04-01T13:08:30.871231+00:00	GithubOSV Importer	Fixing	VCID-7n1n-uj91-8ugg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-44vv-mm86-7cg6/GHSA-44vv-mm86-7cg6.json	38.0.0
2026-04-01T13:07:56.441467+00:00	GithubOSV Importer	Fixing	VCID-uw6h-fpzy-x3ap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5h5m-fj48-qpjw/GHSA-5h5m-fj48-qpjw.json	38.0.0
2026-04-01T12:50:34.222046+00:00	GitLab Importer	Fixing	VCID-7n1n-uj91-8ugg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6621.yml	38.0.0
2026-04-01T12:47:39.890544+00:00	GitLab Importer	Affected by	VCID-hnud-ktgb-dfe6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-18264.yml	38.0.0
2026-04-01T12:47:16.629481+00:00	GitLab Importer	Affected by	VCID-b5d2-5bfb-bbgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-1000017.yml	38.0.0