{"url":"http://public2.vulnerablecode.io/api/packages/241052?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.6","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.0.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.11","latest_non_vulnerable_version":"5.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43957?format=json","vulnerability_id":"VCID-282b-1ugg-yuev","summary":"phpMyAdmin server-side request forgery (SSRF)\nThe setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6621","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68346","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6621"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-44","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-44"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6621","reference_id":"CVE-2016-6621","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6621"},{"reference_url":"https://github.com/advisories/GHSA-44vv-mm86-7cg6","reference_id":"GHSA-44vv-mm86-7cg6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-44vv-mm86-7cg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63180?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B19"},{"url":"http://public2.vulnerablecode.io/api/packages/241057?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/53791?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-zvcj-g6rt-s3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B10"},{"url":"http://public2.vulnerablecode.io/api/packages/53792?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-zvcj-g6rt-s3de"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.6"}],"aliases":["CVE-2016-6621","GHSA-44vv-mm86-7cg6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-282b-1ugg-yuev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52411?format=json","vulnerability_id":"VCID-2at1-y3qg-77fb","summary":"Cross-site Scripting\nAn SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in `tbl_get_field.php` and `libraries/classes/Display/Results.php`). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10803","reference_id":"","reference_type":"","scores":[{"value":"0.02712","scoring_system":"epss","scoring_elements":"0.86212","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02712","scoring_system":"epss","scoring_elements":"0.86191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-4"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-4/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-4/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666","reference_id":"954666","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10803","reference_id":"CVE-2020-10803","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10803"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76942?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63727?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-wdn3-x8u3-wycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2"}],"aliases":["CVE-2020-10803","GHSA-fcww-8wvc-38q9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2at1-y3qg-77fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52413?format=json","vulnerability_id":"VCID-32ja-yuuw-bbbh","summary":"SQL Injection\nAn SQL injection vulnerability was found in retrieval of the current username (in `libraries/classes/Server/Privileges.php` and `libraries/classes/UserPassword.php`). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10804","reference_id":"","reference_type":"","scores":[{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-2"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-2/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-2/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667","reference_id":"954667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10804","reference_id":"CVE-2020-10804","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10804"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76942?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63727?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-wdn3-x8u3-wycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2"}],"aliases":["CVE-2020-10804","GHSA-h65r-8fp8-w7cx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32ja-yuuw-bbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98196?format=json","vulnerability_id":"VCID-7vpu-x9mb-q3c6","summary":"In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5504","reference_id":"","reference_type":"","scores":[{"value":"0.10648","scoring_system":"epss","scoring_elements":"0.93435","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2219","scoring_system":"epss","scoring_elements":"0.95911","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504"},{"reference_url":"https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml"},{"reference_url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5504","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5504"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718","reference_id":"948718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt","reference_id":"CVE-2020-5504","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt"},{"reference_url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6","reference_id":"GHSA-fgj8-93xx-f6g6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150171?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/150172?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.1"}],"aliases":["CVE-2020-5504","GHSA-fgj8-93xx-f6g6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vpu-x9mb-q3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98138?format=json","vulnerability_id":"VCID-a94q-k98a-6qbw","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7217","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56961","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5691","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7217","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7217"},{"reference_url":"https://web.archive.org/web/20141010205819/http://www.securityfocus.com/bid/70252","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20141010205819/http://www.securityfocus.com/bid/70252"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php"},{"reference_url":"https://github.com/advisories/GHSA-wv8g-fx9j-q2jg","reference_id":"GHSA-wv8g-fx9j-q2jg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wv8g-fx9j-q2jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150213?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/241059?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/150214?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B5"},{"url":"http://public2.vulnerablecode.io/api/packages/150215?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.9%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.9%252B1"}],"aliases":["CVE-2014-7217","GHSA-wv8g-fx9j-q2jg"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a94q-k98a-6qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44009?format=json","vulnerability_id":"VCID-amgy-teas-euh5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8326","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50643","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50582","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8326"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76"},{"reference_url":"https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8326","reference_id":"CVE-2014-8326","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8326"},{"reference_url":"https://github.com/advisories/GHSA-pvr5-84gr-g985","reference_id":"GHSA-pvr5-84gr-g985","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pvr5-84gr-g985"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63270?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B5"},{"url":"http://public2.vulnerablecode.io/api/packages/241060?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63271?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B6"},{"url":"http://public2.vulnerablecode.io/api/packages/63272?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.10%252B1"}],"aliases":["CVE-2014-8326","GHSA-pvr5-84gr-g985"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amgy-teas-euh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44158?format=json","vulnerability_id":"VCID-cbjd-e3sk-m7bu","summary":"Cross-Site Request Forgery (CSRF)\nAn issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9866","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9866"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9866","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9866"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-71","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-71"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9866","reference_id":"CVE-2016-9866","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9866"},{"reference_url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495","reference_id":"GHSA-jvxx-8xxf-5495","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53740?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B18"},{"url":"http://public2.vulnerablecode.io/api/packages/241057?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/53741?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B9"},{"url":"http://public2.vulnerablecode.io/api/packages/53742?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.5"}],"aliases":["CVE-2016-9866","GHSA-jvxx-8xxf-5495"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42612?format=json","vulnerability_id":"VCID-d3qn-js1p-7yeq","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nPhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0813","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55092","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5515","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202311-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202311-17"},{"reference_url":"https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information","reference_id":"","reference_type":"","scores":[],"url":"https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information"},{"reference_url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released"},{"reference_url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0813","reference_id":"CVE-2022-0813","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0813"},{"reference_url":"https://github.com/advisories/GHSA-vx8q-j7h9-vf6q","reference_id":"GHSA-vx8q-j7h9-vf6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vx8q-j7h9-vf6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60257?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/148443?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.3"}],"aliases":["CVE-2022-0813","GHSA-vx8q-j7h9-vf6q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3qn-js1p-7yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52410?format=json","vulnerability_id":"VCID-dx3h-z4dg-m3e1","summary":"SQL Injection\nIn phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in `libraries/classes/Controllers/Table/TableSearchController.php`. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10802","reference_id":"","reference_type":"","scores":[{"value":"0.01229","scoring_system":"epss","scoring_elements":"0.79522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01229","scoring_system":"epss","scoring_elements":"0.79495","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-3","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-3"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-3/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-3/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665","reference_id":"954665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10802","reference_id":"CVE-2020-10802","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10802"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76942?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63727?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-wdn3-x8u3-wycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2"}],"aliases":["CVE-2020-10802","GHSA-f4cr-3xmc-2wpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx3h-z4dg-m3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53759?format=json","vulnerability_id":"VCID-j2k3-xghw-gfb3","summary":"Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin may allow CSV injection via Export Section. NOTE: the vendor disputes this because \"the CSV file is accurately generated based on the database contents\".","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22278","reference_id":"","reference_type":"","scores":[{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.6157","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61619","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22278"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22278","reference_id":"CVE-2020-22278","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78929?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3"}],"aliases":["CVE-2020-22278"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2k3-xghw-gfb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52056?format=json","vulnerability_id":"VCID-kfr7-v6tb-eqau","summary":"SQL Injection\nA crafted database/table name can be used to trigger a SQL injection attack through the designer feature.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18622","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68544","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68503","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/"},{"reference_url":"https://security.gentoo.org/glsa/202003-39","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202003-39"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-5"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-5/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349","reference_id":"945349","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18622","reference_id":"CVE-2019-18622","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18622"},{"reference_url":"https://github.com/advisories/GHSA-jgjc-332c-8cmc","reference_id":"GHSA-jgjc-332c-8cmc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jgjc-332c-8cmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76289?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/63726?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0"}],"aliases":["CVE-2019-18622","GHSA-jgjc-332c-8cmc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfr7-v6tb-eqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98135?format=json","vulnerability_id":"VCID-m54t-23nu-3kaa","summary":"Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4986","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56961","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5691","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4986","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4986"},{"reference_url":"https://security.gentoo.org/glsa/201505-03","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201505-03"},{"reference_url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/68803","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/68803"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php"},{"reference_url":"https://github.com/advisories/GHSA-jqmr-wqgp-8mh2","reference_id":"GHSA-jqmr-wqgp-8mh2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jqmr-wqgp-8mh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152783?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/241056?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/152785?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/152787?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.6"}],"aliases":["CVE-2014-4986","GHSA-jqmr-wqgp-8mh2"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m54t-23nu-3kaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52077?format=json","vulnerability_id":"VCID-mzuh-5e5y-d3hr","summary":"Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php` and `libraries/classes/Footer.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19617","reference_id":"","reference_type":"","scores":[{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77304","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released"},{"reference_url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19617","reference_id":"CVE-2019-19617","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19617"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76289?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2"}],"aliases":["CVE-2019-19617","GHSA-pgph-mc4p-f8c3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzuh-5e5y-d3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44063?format=json","vulnerability_id":"VCID-n7cc-xfym-u7g4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6300","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50975","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50913","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac"},{"reference_url":"https://security.gentoo.org/glsa/201505-03","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201505-03"},{"reference_url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6300","reference_id":"CVE-2014-6300","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6300"},{"reference_url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg","reference_id":"GHSA-6wfj-2mw7-p5cg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63334?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/241058?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/63335?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.1.14%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.1.14%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/63336?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.2.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.2.8%252B1"}],"aliases":["CVE-2014-6300","GHSA-6wfj-2mw7-p5cg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7cc-xfym-u7g4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44163?format=json","vulnerability_id":"VCID-r9sb-489v-fqc9","summary":"phpMyAdmin Cryptographic Vulnerability\nThe suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1927","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70629","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1927","reference_id":"CVE-2016-1927","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1927"},{"reference_url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr","reference_id":"GHSA-4gmg-gwjh-3mmr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63530?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B13"},{"url":"http://public2.vulnerablecode.io/api/packages/241057?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/52543?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-4kax-4bpz-g7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B3"},{"url":"http://public2.vulnerablecode.io/api/packages/52575?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-pfdk-db4h-47dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.4"}],"aliases":["CVE-2016-1927","GHSA-4gmg-gwjh-3mmr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sb-489v-fqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43887?format=json","vulnerability_id":"VCID-tvfz-v881-sufp","summary":"phpMyAdmin Denial Of Service (DOS) attack\njs/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5706","reference_id":"","reference_type":"","scores":[{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.8633","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86352","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-22"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.securityfocus.com/bid/91376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/91376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5706","reference_id":"CVE-2016-5706","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5706"},{"reference_url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv","reference_id":"GHSA-9rmm-8fp4-26hv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63059?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B16"},{"url":"http://public2.vulnerablecode.io/api/packages/241057?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/63060?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B7"},{"url":"http://public2.vulnerablecode.io/api/packages/52993?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-xqf5-yxf3-u3he"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.3"}],"aliases":["CVE-2016-5706","GHSA-9rmm-8fp4-26hv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfz-v881-sufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51809?format=json","vulnerability_id":"VCID-w6nk-akeh-4ufg","summary":"Cross-Site Request Forgery (CSRF)\nA CSRF issue in phpMyAdmin allows deletion of any server in the Setup page.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12922","reference_id":"","reference_type":"","scores":[{"value":"0.31957","scoring_system":"epss","scoring_elements":"0.96908","published_at":"2026-06-04T12:55:00Z"},{"value":"0.31957","scoring_system":"epss","scoring_elements":"0.96912","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Sep/23","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Sep/23"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN"},{"reference_url":"https://www.exploit-db.com/exploits/47385","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/47385"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt","reference_id":"CVE-2019-12922","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12922","reference_id":"CVE-2019-12922","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12922"},{"reference_url":"https://github.com/advisories/GHSA-4c9q-64gq-xhx4","reference_id":"GHSA-4c9q-64gq-xhx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c9q-64gq-xhx4"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75956?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/63726?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0"}],"aliases":["CVE-2019-12922","GHSA-4c9q-64gq-xhx4"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6nk-akeh-4ufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98178?format=json","vulnerability_id":"VCID-zyes-82y3-g7dh","summary":"An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6623","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69446","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69485","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6623"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6623","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6623"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-46","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-46"},{"reference_url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm","reference_id":"GHSA-2mcj-3r3r-v5wm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150433?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B17"},{"url":"http://public2.vulnerablecode.io/api/packages/241057?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10.2"},{"url":"http://public2.vulnerablecode.io/api/packages/150432?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B8"},{"url":"http://public2.vulnerablecode.io/api/packages/52992?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-utga-335m-dua9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.4"}],"aliases":["CVE-2016-6623","GHSA-2mcj-3r3r-v5wm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyes-82y3-g7dh"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.6"}