{"url":"http://public2.vulnerablecode.io/api/packages/23352?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.3","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.6.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.11","latest_non_vulnerable_version":"5.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7575?format=json","vulnerability_id":"VCID-1dc8-kafr-3qd7","summary":"Cross-site Scripting\nAn issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6628","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49238","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49234","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49207","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49212","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49257","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49255","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49223","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4918","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49096","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49159","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49187","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49136","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49163","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49155","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4922","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-51","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-51"},{"reference_url":"http://www.securityfocus.com/bid/92492","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628","reference_id":"CVE-2016-6628","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628"},{"reference_url":"https://github.com/advisories/GHSA-phhm-63xx-v9rr","reference_id":"GHSA-phhm-63xx-v9rr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-phhm-63xx-v9rr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6628","GHSA-phhm-63xx-v9rr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dc8-kafr-3qd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7602?format=json","vulnerability_id":"VCID-64sy-unts-juf3","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6625","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50961","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50988","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50995","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50921","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50929","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50891","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50817","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50869","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.509","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50885","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50851","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50909","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50935","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50949","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50947","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50989","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50967","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50951","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6625"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-48","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-48"},{"reference_url":"http://www.securityfocus.com/bid/92491","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92491"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6625","reference_id":"CVE-2016-6625","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6625"},{"reference_url":"https://github.com/advisories/GHSA-r643-7xfg-ppc5","reference_id":"GHSA-r643-7xfg-ppc5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r643-7xfg-ppc5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6625","GHSA-r643-7xfg-ppc5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64sy-unts-juf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7580?format=json","vulnerability_id":"VCID-8fu3-wm7d-qkeu","summary":"Incomplete Cleanup\nAn issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6632","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68683","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.6852","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68527","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.6854","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68567","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68572","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68556","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68636","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68603","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68628","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68424","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68443","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68439","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68532","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-55","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-55"},{"reference_url":"http://www.securityfocus.com/bid/92497","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92497"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6632","reference_id":"CVE-2016-6632","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6632"},{"reference_url":"https://github.com/advisories/GHSA-426q-975p-w5cr","reference_id":"GHSA-426q-975p-w5cr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-426q-975p-w5cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6632","GHSA-426q-975p-w5cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fu3-wm7d-qkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7600?format=json","vulnerability_id":"VCID-9t2s-etzf-t3d2","summary":"Command Injection\nAn issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62361","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6222","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62265","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62272","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62256","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62283","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62276","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62222","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6227","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62328","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62281","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62308","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62108","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62169","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62199","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62216","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62233","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62252","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-32"},{"reference_url":"http://www.securityfocus.com/bid/94112","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6609","reference_id":"CVE-2016-6609","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6609"},{"reference_url":"https://github.com/advisories/GHSA-wpww-hx7x-xfjh","reference_id":"GHSA-wpww-hx7x-xfjh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpww-hx7x-xfjh"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6609","GHSA-wpww-hx7x-xfjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t2s-etzf-t3d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7589?format=json","vulnerability_id":"VCID-e9qs-mvaa-wyc6","summary":"Incomplete List of Disallowed Inputs\nAn issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6624","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53393","published_at":"2026-05-14T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53326","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53309","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53347","published_at":"2026-04-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53332","published_at":"2026-04-21T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53304","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53316","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53279","published_at":"2026-04-29T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53236","published_at":"2026-05-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53338","published_at":"2026-05-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53299","published_at":"2026-05-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53325","published_at":"2026-05-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53227","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53251","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53276","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53244","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53296","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53291","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53341","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-47","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-47"},{"reference_url":"http://www.securityfocus.com/bid/92489","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6624","reference_id":"CVE-2016-6624","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6624"},{"reference_url":"https://github.com/advisories/GHSA-mhxj-6vf8-mwv3","reference_id":"GHSA-mhxj-6vf8-mwv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhxj-6vf8-mwv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6624","GHSA-mhxj-6vf8-mwv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qs-mvaa-wyc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7587?format=json","vulnerability_id":"VCID-fgr8-8j61-cufq","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. A user can exploit the \"LOAD LOCAL INFILE\" functionality to expose files on the server to the database system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6612","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61554","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61444","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61465","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61453","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61441","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6145","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61402","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61451","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61511","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61473","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.615","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61298","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61377","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61406","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61375","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61459","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-35","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-35"},{"reference_url":"http://www.securityfocus.com/bid/94113","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94113"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6612","reference_id":"CVE-2016-6612","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6612"},{"reference_url":"https://github.com/advisories/GHSA-fcgm-62p3-f7cm","reference_id":"GHSA-fcgm-62p3-f7cm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcgm-62p3-f7cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6612","GHSA-fcgm-62p3-f7cm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgr8-8j61-cufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7596?format=json","vulnerability_id":"VCID-fvnp-w4kk-3qfq","summary":"Cross-site Scripting\nXSS issues were discovered in phpMyAdmin. This affects the database privilege check and the \"Remove partitioning\" functionality. Specially crafted database names can trigger the XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6608","reference_id":"","reference_type":"","scores":[{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63877","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63706","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63751","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63756","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63769","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63767","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63738","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63781","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63831","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63798","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63825","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63625","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63685","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63711","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63671","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63723","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63755","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.6374","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-31"},{"reference_url":"http://www.securityfocus.com/bid/93258","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6608","reference_id":"CVE-2016-6608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6608"},{"reference_url":"https://github.com/advisories/GHSA-jfmj-27fp-qp67","reference_id":"GHSA-jfmj-27fp-qp67","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfmj-27fp-qp67"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6608","GHSA-jfmj-27fp-qp67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvnp-w4kk-3qfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7576?format=json","vulnerability_id":"VCID-gzqe-8ywj-h7hk","summary":"Cryptographic Issues\nAn issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9847","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6282","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.627","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62712","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62728","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62727","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62678","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62726","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62778","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62737","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62763","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62563","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62618","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6267","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62686","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62704","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62671","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62711","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62719","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-58","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-58"},{"reference_url":"http://www.securityfocus.com/bid/94524","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94524"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9847","reference_id":"CVE-2016-9847","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9847"},{"reference_url":"https://github.com/advisories/GHSA-9xhq-pm7v-693p","reference_id":"GHSA-9xhq-pm7v-693p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xhq-pm7v-693p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24336?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7h9b-a8dp-57hp"},{"vulnerability":"VCID-uw6h-fpzy-x3ap"},{"vulnerability":"VCID-zreq-41ja-pbf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-9847","GHSA-9xhq-pm7v-693p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzqe-8ywj-h7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7585?format=json","vulnerability_id":"VCID-h5wu-ugm7-4bah","summary":"Code Injection\nAn issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6633","reference_id":"","reference_type":"","scores":[{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83109","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82957","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.8296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.8298","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.8299","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82994","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83017","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83037","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83058","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83057","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83073","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82853","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82869","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82882","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82878","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82903","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82911","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.82922","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6633"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-56","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-56"},{"reference_url":"http://www.securityfocus.com/bid/92500","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6633","reference_id":"CVE-2016-6633","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6633"},{"reference_url":"https://github.com/advisories/GHSA-p849-vf5f-f3x7","reference_id":"GHSA-p849-vf5f-f3x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p849-vf5f-f3x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6633","GHSA-p849-vf5f-f3x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5wu-ugm7-4bah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7577?format=json","vulnerability_id":"VCID-tydk-zjv1-nye6","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6622","reference_id":"","reference_type":"","scores":[{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77363","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77206","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77207","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77197","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77233","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77239","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77255","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77259","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77289","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.7731","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.773","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77317","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77104","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.7711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.7714","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77122","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77155","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77163","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.7717","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77165","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-45","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6622","reference_id":"CVE-2016-6622","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6622"},{"reference_url":"https://github.com/advisories/GHSA-qf3f-7x69-qfv3","reference_id":"GHSA-qf3f-7x69-qfv3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qf3f-7x69-qfv3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6622","GHSA-qf3f-7x69-qfv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tydk-zjv1-nye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7593?format=json","vulnerability_id":"VCID-v66b-3ghf-9uas","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by `ArbitraryServerRegexp`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6629","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55083","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55142","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55121","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55056","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55048","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.54998","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55039","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55097","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55057","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.54974","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55101","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55076","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55118","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-52","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-52"},{"reference_url":"http://www.securityfocus.com/bid/92493","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6629","reference_id":"CVE-2016-6629","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6629"},{"reference_url":"https://github.com/advisories/GHSA-567r-vqj7-5cw7","reference_id":"GHSA-567r-vqj7-5cw7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-567r-vqj7-5cw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6629","GHSA-567r-vqj7-5cw7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v66b-3ghf-9uas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7603?format=json","vulnerability_id":"VCID-z22z-a5bq-97d3","summary":"Uncontrolled Resouce Consumption\nAn issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6618","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68147","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67985","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67987","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67983","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68025","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68039","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68013","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68056","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68097","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68064","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6809","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67889","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67912","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67931","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6791","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67961","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67998","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-41","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-41"},{"reference_url":"http://www.securityfocus.com/bid/95047","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95047"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6618","reference_id":"CVE-2016-6618","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6618"},{"reference_url":"https://github.com/advisories/GHSA-rv6m-chvv-wmxg","reference_id":"GHSA-rv6m-chvv-wmxg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rv6m-chvv-wmxg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6618","GHSA-rv6m-chvv-wmxg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z22z-a5bq-97d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7598?format=json","vulnerability_id":"VCID-zg16-dfu1-g7dn","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6613","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61554","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61444","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61465","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61453","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61441","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6145","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61402","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61451","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61511","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61473","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.615","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61298","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61377","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61406","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61375","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61459","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-36"},{"reference_url":"http://www.securityfocus.com/bid/94115","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94115"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6613","reference_id":"CVE-2016-6613","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6613"},{"reference_url":"https://github.com/advisories/GHSA-6j2v-g9rg-qcm5","reference_id":"GHSA-6j2v-g9rg-qcm5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6j2v-g9rg-qcm5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23351?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mda-fksy-bqb2"},{"vulnerability":"VCID-8xac-hgvs-ykgn"},{"vulnerability":"VCID-9xxd-uwwt-57ba"},{"vulnerability":"VCID-bcmm-z26p-rkfp"},{"vulnerability":"VCID-jj7e-xndw-6fcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/21731?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2jjv-4en4-e3gx"},{"vulnerability":"VCID-5657-kcyh-7bc2"},{"vulnerability":"VCID-986a-3m4g-83ge"},{"vulnerability":"VCID-br1c-5bzf-ufeu"},{"vulnerability":"VCID-c91y-txcw-2kdy"},{"vulnerability":"VCID-ebk2-vjau-57h9"},{"vulnerability":"VCID-fchc-55te-akhe"},{"vulnerability":"VCID-g6ud-92qe-hqcx"},{"vulnerability":"VCID-gu4y-aeqx-mqak"},{"vulnerability":"VCID-hnud-ktgb-dfe6"},{"vulnerability":"VCID-jma9-9uhu-xuc3"},{"vulnerability":"VCID-mwtw-n1tv-hfd9"},{"vulnerability":"VCID-ngtc-xtjn-xbhp"},{"vulnerability":"VCID-qcra-cu62-43he"},{"vulnerability":"VCID-rqy8-n6fr-hqey"},{"vulnerability":"VCID-scu3-cfyc-9qfz"},{"vulnerability":"VCID-tbnx-nuzv-ebdc"},{"vulnerability":"VCID-tks3-6uv4-kygf"},{"vulnerability":"VCID-yfja-ssw3-skh1"},{"vulnerability":"VCID-ym9b-4su6-6fbr"},{"vulnerability":"VCID-znfm-ak2t-mqdd"},{"vulnerability":"VCID-zyzp-aqd8-e3a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-6613","GHSA-6j2v-g9rg-qcm5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zg16-dfu1-g7dn"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.3"}