{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","type":"deb","namespace":"debian","name":"phpmyadmin","version":"4:4.2.12-2+deb8u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4:5.2.2-really+dfsg-1+deb13u1","latest_non_vulnerable_version":"4:5.2.2-really+dfsg-1+deb13u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98162?format=json","vulnerability_id":"VCID-1drk-gzqj-2qc5","summary":"Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5099","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66058","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5099"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1drk-gzqj-2qc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38033?format=json","vulnerability_id":"VCID-1hvw-4h4d-zkhv","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2040","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66068","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66016","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040","reference_id":"CVE-2016-2040","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2040","GHSA-pw34-qf6c-84fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38671?format=json","vulnerability_id":"VCID-23dq-w66r-k3bt","summary":"Cross-site Scripting\nphpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000015","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68574","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000015"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://web.archive.org/web/20210123220229/http://www.securityfocus.com/bid/95726","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123220229/http://www.securityfocus.com/bid/95726"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-4"},{"reference_url":"http://www.securityfocus.com/bid/95726","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000015","reference_id":"CVE-2017-1000015","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000015"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-1000015","GHSA-3fgq-cmr4-97rr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98158?format=json","vulnerability_id":"VCID-27w6-zhxk-x7e7","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2561","reference_id":"","reference_type":"","scores":[{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67632","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67673","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2561"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27w6-zhxk-x7e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43957?format=json","vulnerability_id":"VCID-282b-1ugg-yuev","summary":"phpMyAdmin server-side request forgery (SSRF)\nThe setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6621","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68346","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6621"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-44","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-44"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6621","reference_id":"CVE-2016-6621","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6621"},{"reference_url":"https://github.com/advisories/GHSA-44vv-mm86-7cg6","reference_id":"GHSA-44vv-mm86-7cg6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-44vv-mm86-7cg6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6621","GHSA-44vv-mm86-7cg6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-282b-1ugg-yuev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52411?format=json","vulnerability_id":"VCID-2at1-y3qg-77fb","summary":"Cross-site Scripting\nAn SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in `tbl_get_field.php` and `libraries/classes/Display/Results.php`). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10803","reference_id":"","reference_type":"","scores":[{"value":"0.02712","scoring_system":"epss","scoring_elements":"0.86212","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02712","scoring_system":"epss","scoring_elements":"0.86191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-4"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-4/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-4/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666","reference_id":"954666","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10803","reference_id":"CVE-2020-10803","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10803"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-10803","GHSA-fcww-8wvc-38q9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2at1-y3qg-77fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38148?format=json","vulnerability_id":"VCID-2vqn-z4en-duh4","summary":"Information Exposure\nphpMyAdmin allows remote attackers to obtain sensitive information.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5730","reference_id":"","reference_type":"","scores":[{"value":"0.01317","scoring_system":"epss","scoring_elements":"0.80195","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01317","scoring_system":"epss","scoring_elements":"0.80219","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5730"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/27664605b945b13e1d2b71adea822ace2099cc96","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/27664605b945b13e1d2b71adea822ace2099cc96"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/331c560fbfa0e7d2dce674b5e88e983c5f2a451d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/331c560fbfa0e7d2dce674b5e88e983c5f2a451d"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/96e0aa35653ec0c66084a7e9343465e16c1f769b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/96e0aa35653ec0c66084a7e9343465e16c1f769b"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/cd229d718e8cb4bc8ba32446beaa82d27727b6f0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/cd229d718e8cb4bc8ba32446beaa82d27727b6f0"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-23","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-23"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-23/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-23/"},{"reference_url":"http://www.securityfocus.com/bid/91379","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/91379"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5730","reference_id":"CVE-2016-5730","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5730"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5730","GHSA-wm9c-vcv2-vpqc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vqn-z4en-duh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98187?format=json","vulnerability_id":"VCID-31jg-3pzb-y3b6","summary":"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9853","reference_id":"","reference_type":"","scores":[{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69583","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69544","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9853"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9853","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9853"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210127193655/http://www.securityfocus.com/bid/94527","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210127193655/http://www.securityfocus.com/bid/94527"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-63","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-63"},{"reference_url":"https://github.com/advisories/GHSA-rmmf-5xhh-gg27","reference_id":"GHSA-rmmf-5xhh-gg27","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rmmf-5xhh-gg27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9853","GHSA-rmmf-5xhh-gg27"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31jg-3pzb-y3b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52413?format=json","vulnerability_id":"VCID-32ja-yuuw-bbbh","summary":"SQL Injection\nAn SQL injection vulnerability was found in retrieval of the current username (in `libraries/classes/Server/Privileges.php` and `libraries/classes/UserPassword.php`). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10804","reference_id":"","reference_type":"","scores":[{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-2"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-2/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-2/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667","reference_id":"954667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10804","reference_id":"CVE-2020-10804","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10804"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-10804","GHSA-h65r-8fp8-w7cx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32ja-yuuw-bbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98160?format=json","vulnerability_id":"VCID-33kv-ye2c-ebax","summary":"phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5097","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68358","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68399","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5097"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33kv-ye2c-ebax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43920?format=json","vulnerability_id":"VCID-33mh-s92h-c7ht","summary":"phpMyAdmin vulnerable to Cross-Site Request Forgery\nThe Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5739","reference_id":"","reference_type":"","scores":[{"value":"0.00919","scoring_system":"epss","scoring_elements":"0.76367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00919","scoring_system":"epss","scoring_elements":"0.76339","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223419/http://www.securityfocus.com/bid/91389","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223419/http://www.securityfocus.com/bid/91389"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-28"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5739","reference_id":"CVE-2016-5739","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5739"},{"reference_url":"https://github.com/advisories/GHSA-2p7v-jm8m-g3qq","reference_id":"GHSA-2p7v-jm8m-g3qq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2p7v-jm8m-g3qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5739","GHSA-2p7v-jm8m-g3qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33mh-s92h-c7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38682?format=json","vulnerability_id":"VCID-38tp-acy8-57hj","summary":"Improper Input Validation\nphpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000014","reference_id":"","reference_type":"","scores":[{"value":"0.01144","scoring_system":"epss","scoring_elements":"0.78784","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01144","scoring_system":"epss","scoring_elements":"0.78809","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000014"},{"reference_url":"https://web.archive.org/web/20210123220105/http://www.securityfocus.com/bid/95721","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123220105/http://www.securityfocus.com/bid/95721"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-3"},{"reference_url":"http://www.securityfocus.com/bid/95721","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95721"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000014","reference_id":"CVE-2017-1000014","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000014"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-1000014","GHSA-9hrc-rwrq-v6mh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38286?format=json","vulnerability_id":"VCID-3va7-xx14-gkds","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6613","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55792","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55735","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-36"},{"reference_url":"http://www.securityfocus.com/bid/94115","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94115"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6613","reference_id":"CVE-2016-6613","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6613"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6613","GHSA-6j2v-g9rg-qcm5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3va7-xx14-gkds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38281?format=json","vulnerability_id":"VCID-44uc-xrvp-7bet","summary":"Incomplete List of Disallowed Inputs\nAn issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6624","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62366","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6232","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-47","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-47"},{"reference_url":"http://www.securityfocus.com/bid/92489","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92489"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6624","reference_id":"CVE-2016-6624","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6624"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6624","GHSA-mhxj-6vf8-mwv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44uc-xrvp-7bet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38289?format=json","vulnerability_id":"VCID-4avx-e9mf-2yb1","summary":"Uncontrolled Resouce Consumption\nAn issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6618","reference_id":"","reference_type":"","scores":[{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73661","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73626","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-41","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-41"},{"reference_url":"http://www.securityfocus.com/bid/95047","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95047"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6618","reference_id":"CVE-2016-6618","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6618"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6618","GHSA-rv6m-chvv-wmxg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4avx-e9mf-2yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38034?format=json","vulnerability_id":"VCID-4kax-4bpz-g7c5","summary":"Covert Timing Channel\n`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2041","reference_id":"","reference_type":"","scores":[{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77659","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77687","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041","reference_id":"CVE-2016-2041","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2041","GHSA-8m97-xc46-rw9w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38287?format=json","vulnerability_id":"VCID-4vgu-cagj-hfhb","summary":"Command Injection\nAn issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61709","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-32"},{"reference_url":"http://www.securityfocus.com/bid/94112","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6609","reference_id":"CVE-2016-6609","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6609"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6609","GHSA-wpww-hx7x-xfjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vgu-cagj-hfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40500?format=json","vulnerability_id":"VCID-4wn2-pnbv-sked","summary":"Cross-site Scripting\nIn phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19970","reference_id":"","reference_type":"","scores":[{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80037","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80063","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html"},{"reference_url":"https://security.gentoo.org/glsa/201904-16","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201904-16"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2018-8"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-8/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-8/"},{"reference_url":"http://www.securityfocus.com/bid/106181","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106181"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19970","reference_id":"CVE-2018-19970","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19970"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2018-19970","GHSA-8987-93fh-rcwq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wn2-pnbv-sked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40494?format=json","vulnerability_id":"VCID-52xs-45kd-w3hz","summary":"Information Exposure\nAn attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19968","reference_id":"","reference_type":"","scores":[{"value":"0.02384","scoring_system":"epss","scoring_elements":"0.85315","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02384","scoring_system":"epss","scoring_elements":"0.85291","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html"},{"reference_url":"https://security.gentoo.org/glsa/201904-16","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201904-16"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2018-6"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-6/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-6/"},{"reference_url":"http://www.securityfocus.com/bid/106178","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106178"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19968","reference_id":"CVE-2018-19968","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19968"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2018-19968","GHSA-xc97-r49q-cxgc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52xs-45kd-w3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56527?format=json","vulnerability_id":"VCID-59mu-8aep-9ycn","summary":"phpMyAdmin XSS when checking tables\nAn issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24530","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54052","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24530"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2025-1","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2025-1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24530","reference_id":"CVE-2025-24530","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24530"},{"reference_url":"https://github.com/advisories/GHSA-222v-cx2c-q2f5","reference_id":"GHSA-222v-cx2c-q2f5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-222v-cx2c-q2f5"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2025-1/","reference_id":"PMASA-2025-1","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T15:02:00Z/"}],"url":"https://www.phpmyadmin.net/security/PMASA-2025-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195444?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gx8h-5h14-dqez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1"}],"aliases":["CVE-2025-24530","GHSA-222v-cx2c-q2f5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59mu-8aep-9ycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98168?format=json","vulnerability_id":"VCID-5bu8-wy7w-bqfc","summary":"An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6606","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59583","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6606"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6606"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu8-wy7w-bqfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53948?format=json","vulnerability_id":"VCID-5jye-2stz-fqam","summary":"Uncontrolled Resource Consumption\nThe jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package \"jquery-validation\". jquery-validation before version 1.19.3 contains one or more regular expressions that is vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21252.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21252.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21252","reference_id":"","reference_type":"","scores":[{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.73021","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72983","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21252","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21252"},{"reference_url":"https://github.com/jquery-validation/jquery-validation","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery-validation/jquery-validation"},{"reference_url":"https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery-validation/jquery-validation/commit/5d8f29eef363d043a8fec4eb86d42cadb5fa5f7d"},{"reference_url":"https://github.com/jquery-validation/jquery-validation/pull/2371","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery-validation/jquery-validation/pull/2371"},{"reference_url":"https://jqueryvalidation.org/#installation-via-package-managers","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jqueryvalidation.org/#installation-via-package-managers"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation/","reference_id":"","reference_type":"","scores":[],"url":"https://securitylab.github.com/advisories/GHSL-2020-294-redos-jquery-validation/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210219-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210219-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210219-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210219-0005/"},{"reference_url":"https://www.npmjs.com/package/jquery-validation","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/jquery-validation"},{"reference_url":"https://www.nuget.org/packages/jquery.validation","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/jquery.validation"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2096941","reference_id":"2096941","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2096941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980891","reference_id":"980891","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980892","reference_id":"980892","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980892"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21252","reference_id":"CVE-2021-21252","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21252"},{"reference_url":"https://github.com/advisories/GHSA-jxwx-85vp-gvwm","reference_id":"GHSA-jxwx-85vp-gvwm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jxwx-85vp-gvwm"},{"reference_url":"https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm","reference_id":"GHSA-jxwx-85vp-gvwm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2021-21252","GHSA-jxwx-85vp-gvwm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jye-2stz-fqam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98153?format=json","vulnerability_id":"VCID-6gs5-cswx-bfeb","summary":"phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2042.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2042.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2042","reference_id":"","reference_type":"","scores":[{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.69183","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00577","scoring_system":"epss","scoring_elements":"0.69222","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2042"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302682","reference_id":"1302682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gs5-cswx-bfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98177?format=json","vulnerability_id":"VCID-7avk-rmwd-yugt","summary":"An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6620","reference_id":"","reference_type":"","scores":[{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.85098","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02323","scoring_system":"epss","scoring_elements":"0.85122","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6620"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6620"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7avk-rmwd-yugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98196?format=json","vulnerability_id":"VCID-7vpu-x9mb-q3c6","summary":"In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5504","reference_id":"","reference_type":"","scores":[{"value":"0.10648","scoring_system":"epss","scoring_elements":"0.93435","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2219","scoring_system":"epss","scoring_elements":"0.95911","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504"},{"reference_url":"https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml"},{"reference_url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5504","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5504"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718","reference_id":"948718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt","reference_id":"CVE-2020-5504","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt"},{"reference_url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6","reference_id":"GHSA-fgj8-93xx-f6g6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-5504","GHSA-fgj8-93xx-f6g6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vpu-x9mb-q3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98163?format=json","vulnerability_id":"VCID-84n7-nzzg-juhz","summary":"phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5702","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48296","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48233","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5702"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5702","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5702"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-18","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-18"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-18/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-18/"},{"reference_url":"https://github.com/advisories/GHSA-xqw9-ffx7-g998","reference_id":"GHSA-xqw9-ffx7-g998","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xqw9-ffx7-g998"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5702","GHSA-xqw9-ffx7-g998"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84n7-nzzg-juhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98173?format=json","vulnerability_id":"VCID-8jt7-y15v-83gj","summary":"XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the \"Tracking\" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6615","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55451","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55507","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6615"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6615"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jt7-y15v-83gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41055?format=json","vulnerability_id":"VCID-8rvw-n1fg-ffc2","summary":"Cross-Site Request Forgery (CSRF)\nA vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `<img>` tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific `INSERT` or `DELETE` statement) to the victim.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12616","reference_id":"","reference_type":"","scores":[{"value":"0.49922","scoring_system":"epss","scoring_elements":"0.97869","published_at":"2026-06-05T12:55:00Z"},{"value":"0.52136","scoring_system":"epss","scoring_elements":"0.97969","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec"},{"reference_url":"https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html"},{"reference_url":"https://www.phpmyadmin.net/security/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-4"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-4/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-4/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017","reference_id":"930017","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt","reference_id":"CVE-2019-12616","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12616","reference_id":"CVE-2019-12616","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12616"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-12616","GHSA-mfr9-pcm3-6mwc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rvw-n1fg-ffc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98176?format=json","vulnerability_id":"VCID-8yxm-e33n-d7gj","summary":"An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6619","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55406","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55462","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6619"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6619"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yxm-e33n-d7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98179?format=json","vulnerability_id":"VCID-9nh7-ny6c-n3cd","summary":"An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6626","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49363","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49425","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6626"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6626"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nh7-ny6c-n3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98164?format=json","vulnerability_id":"VCID-9tdu-572c-tbb2","summary":"SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5703","reference_id":"","reference_type":"","scores":[{"value":"0.01576","scoring_system":"epss","scoring_elements":"0.81885","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01576","scoring_system":"epss","scoring_elements":"0.81918","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5703"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5703"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tdu-572c-tbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98185?format=json","vulnerability_id":"VCID-ajeh-4q9t-sydz","summary":"An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9850","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68788","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68828","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9850"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajeh-4q9t-sydz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40645?format=json","vulnerability_id":"VCID-ajf6-bk2g-wkb7","summary":"Information Exposure\nWhen the `AllowArbitraryServer` configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the `mysql.allow_local_infile` PHP configuration, and the inadvertent ignoring of `options(MYSQLI_OPT_LOCAL_INFILE` calls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6799","reference_id":"","reference_type":"","scores":[{"value":"0.76961","scoring_system":"epss","scoring_elements":"0.98978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.76961","scoring_system":"epss","scoring_elements":"0.98979","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-1"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-1/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-1/"},{"reference_url":"http://www.securityfocus.com/bid/106736","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106736"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823","reference_id":"920823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6799","reference_id":"CVE-2019-6799","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6799"},{"reference_url":"https://github.com/advisories/GHSA-c8wj-q36q-3wg4","reference_id":"GHSA-c8wj-q36q-3wg4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8wj-q36q-3wg4"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-6799","GHSA-c8wj-q36q-3wg4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajf6-bk2g-wkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53708?format=json","vulnerability_id":"VCID-b2nf-6pr3-xqaa","summary":"SQL Injection\nAn issue was discovered in SearchController in phpMyAdmin. An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://advisory.checkmarx.net/advisory/CX-2020-4281","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisory.checkmarx.net/advisory/CX-2020-4281"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26935","reference_id":"","reference_type":"","scores":[{"value":"0.89641","scoring_system":"epss","scoring_elements":"0.99579","published_at":"2026-06-04T12:55:00Z"},{"value":"0.89641","scoring_system":"epss","scoring_elements":"0.99581","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5"},{"reference_url":"https://security.gentoo.org/glsa/202101-35","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202101-35"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-6"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-6/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-6/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000","reference_id":"972000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26935","reference_id":"CVE-2020-26935","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26935"},{"reference_url":"https://github.com/advisories/GHSA-7ff4-cv53-4cjq","reference_id":"GHSA-7ff4-cv53-4cjq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ff4-cv53-4cjq"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-26935","GHSA-7ff4-cv53-4cjq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2nf-6pr3-xqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98155?format=json","vulnerability_id":"VCID-b4jk-yjfy-pfcv","summary":"libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2044","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.6338","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63423","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2044"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4jk-yjfy-pfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38046?format=json","vulnerability_id":"VCID-b6ng-ygap-zqh4","summary":"Improper Input Validation\nThe `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2562","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.4589","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45959","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2562"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-13","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-13"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-13/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-13/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2562","reference_id":"CVE-2016-2562","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2562","GHSA-w8qg-j9fp-hrjf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ng-ygap-zqh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40646?format=json","vulnerability_id":"VCID-bd83-vf81-sfa4","summary":"SQL Injection\nAn issue was discovered in phpMyAdmin. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6798","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60597","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60645","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-2"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-2/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-2/"},{"reference_url":"http://www.securityfocus.com/bid/106727","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106727"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822","reference_id":"920822","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6798","reference_id":"CVE-2019-6798","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6798"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-6798","GHSA-f732-fxh6-g4qj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bd83-vf81-sfa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43916?format=json","vulnerability_id":"VCID-bddg-5zgr-3uew","summary":"phpMyAdmin vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an \"invalid JSON\" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5705","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-21"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5705","reference_id":"CVE-2016-5705","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5705"},{"reference_url":"https://github.com/advisories/GHSA-6q2j-8h8q-46mr","reference_id":"GHSA-6q2j-8h8q-46mr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6q2j-8h8q-46mr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5705","GHSA-6q2j-8h8q-46mr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bddg-5zgr-3uew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38678?format=json","vulnerability_id":"VCID-btc1-yng3-ckhx","summary":"Improper Input Validation\nphpMyAdmin is vulnerable to a DoS attack in the replication status by using a specially crafted table name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000018","reference_id":"","reference_type":"","scores":[{"value":"0.01295","scoring_system":"epss","scoring_elements":"0.80034","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01295","scoring_system":"epss","scoring_elements":"0.8006","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000018"},{"reference_url":"https://web.archive.org/web/20210123220317/http://www.securityfocus.com/bid/95738","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123220317/http://www.securityfocus.com/bid/95738"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-7"},{"reference_url":"http://www.securityfocus.com/bid/95738","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95738"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000018","reference_id":"CVE-2017-1000018","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000018"},{"reference_url":"https://github.com/advisories/GHSA-47qr-f86f-3wm4","reference_id":"GHSA-47qr-f86f-3wm4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-47qr-f86f-3wm4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-1000018","GHSA-47qr-f86f-3wm4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-btc1-yng3-ckhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44158?format=json","vulnerability_id":"VCID-cbjd-e3sk-m7bu","summary":"Cross-Site Request Forgery (CSRF)\nAn issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9866","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44791","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9866"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9866","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9866"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-71","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-71"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9866","reference_id":"CVE-2016-9866","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9866"},{"reference_url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495","reference_id":"GHSA-jvxx-8xxf-5495","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9866","GHSA-jvxx-8xxf-5495"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98152?format=json","vulnerability_id":"VCID-crn9-f6qt-qfg5","summary":"libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2039","reference_id":"","reference_type":"","scores":[{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59897","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59944","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2039"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crn9-f6qt-qfg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98150?format=json","vulnerability_id":"VCID-cth2-72mg-6yfr","summary":"libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8669","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65794","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65847","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8669"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-8669"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cth2-72mg-6yfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98146?format=json","vulnerability_id":"VCID-cz55-m46r-37gb","summary":"Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3902","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44306","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44375","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-3902"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cz55-m46r-37gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98151?format=json","vulnerability_id":"VCID-d7jk-a94y-n3ca","summary":"phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2038","reference_id":"","reference_type":"","scores":[{"value":"0.01204","scoring_system":"epss","scoring_elements":"0.79276","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01204","scoring_system":"epss","scoring_elements":"0.79302","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2038"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2038"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7jk-a94y-n3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98165?format=json","vulnerability_id":"VCID-dbk1-n9kh-dfhm","summary":"Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5704","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.5143","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51368","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5704"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5704","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5704"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-20","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-20"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-20/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-20/"},{"reference_url":"https://github.com/advisories/GHSA-gcvp-cwgw-wx8j","reference_id":"GHSA-gcvp-cwgw-wx8j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gcvp-cwgw-wx8j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5704","GHSA-gcvp-cwgw-wx8j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbk1-n9kh-dfhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98190?format=json","vulnerability_id":"VCID-dfsz-1y13-yug9","summary":"An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9858","reference_id":"","reference_type":"","scores":[{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68419","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.6846","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9858"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfsz-1y13-yug9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98156?format=json","vulnerability_id":"VCID-dgvs-kqpd-gfcy","summary":"Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2045","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52025","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52085","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2045"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2045","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2045"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2045"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgvs-kqpd-gfcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98184?format=json","vulnerability_id":"VCID-dj5f-y77j-d7dx","summary":"An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9849","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44277","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53113","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9849"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9849"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5f-y77j-d7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52410?format=json","vulnerability_id":"VCID-dx3h-z4dg-m3e1","summary":"SQL Injection\nIn phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in `libraries/classes/Controllers/Table/TableSearchController.php`. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10802","reference_id":"","reference_type":"","scores":[{"value":"0.01229","scoring_system":"epss","scoring_elements":"0.79522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01229","scoring_system":"epss","scoring_elements":"0.79495","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-3","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-3"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-3/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-3/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665","reference_id":"954665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10802","reference_id":"CVE-2020-10802","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10802"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-10802","GHSA-f4cr-3xmc-2wpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx3h-z4dg-m3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98154?format=json","vulnerability_id":"VCID-g2uy-ekyf-4bcj","summary":"Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2043","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60664","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2043"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2043"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2uy-ekyf-4bcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38288?format=json","vulnerability_id":"VCID-gmjk-222y-abda","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user session, username, and password are not compromised by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6625","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51188","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51126","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6625"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-48","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-48"},{"reference_url":"http://www.securityfocus.com/bid/92491","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92491"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6625","reference_id":"CVE-2016-6625","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6625"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6625","GHSA-r643-7xfg-ppc5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmjk-222y-abda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44087?format=json","vulnerability_id":"VCID-gqxb-6rey-rbhv","summary":"phpMyAdmin vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5733","reference_id":"","reference_type":"","scores":[{"value":"0.01085","scoring_system":"epss","scoring_elements":"0.78254","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01085","scoring_system":"epss","scoring_elements":"0.78228","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223017/http://www.securityfocus.com/bid/91390","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223017/http://www.securityfocus.com/bid/91390"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-26","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-26"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5733","reference_id":"CVE-2016-5733","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5733"},{"reference_url":"https://github.com/advisories/GHSA-cr65-p662-fx5c","reference_id":"GHSA-cr65-p662-fx5c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cr65-p662-fx5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5733","GHSA-cr65-p662-fx5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqxb-6rey-rbhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38279?format=json","vulnerability_id":"VCID-gtps-py3z-13cu","summary":"Code Injection\nAn issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6633","reference_id":"","reference_type":"","scores":[{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83293","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01833","scoring_system":"epss","scoring_elements":"0.83267","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6633"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-56","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-56"},{"reference_url":"http://www.securityfocus.com/bid/92500","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6633","reference_id":"CVE-2016-6633","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6633"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6633","GHSA-p849-vf5f-f3x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtps-py3z-13cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98170?format=json","vulnerability_id":"VCID-gzwb-ju7m-juf7","summary":"A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6610","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5545","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6610"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzwb-ju7m-juf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98197?format=json","vulnerability_id":"VCID-har4-gaft-m7e8","summary":"An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24529","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51668","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24529"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2025-2/","reference_id":"PMASA-2025-2","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T15:02:51Z/"}],"url":"https://www.phpmyadmin.net/security/PMASA-2025-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195444?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gx8h-5h14-dqez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1"}],"aliases":["CVE-2025-24529"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-har4-gaft-m7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98182?format=json","vulnerability_id":"VCID-hbp6-s544-pqaw","summary":"An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6631","reference_id":"","reference_type":"","scores":[{"value":"0.04156","scoring_system":"epss","scoring_elements":"0.88865","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04156","scoring_system":"epss","scoring_elements":"0.88883","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6631"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6631"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbp6-s544-pqaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98157?format=json","vulnerability_id":"VCID-hw5n-kv9r-8yej","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2560","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80371","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2560"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hw5n-kv9r-8yej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38670?format=json","vulnerability_id":"VCID-j589-8hrn-9bae","summary":"Improper Input Validation\nA weakness was discovered where an attacker can inject arbitrary values in to the browser cookies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000016","reference_id":"","reference_type":"","scores":[{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.65823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00488","scoring_system":"epss","scoring_elements":"0.65876","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000016"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000016","reference_id":"CVE-2017-1000016","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000016"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-1000016","GHSA-j2cq-h6v2-f875"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j589-8hrn-9bae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98183?format=json","vulnerability_id":"VCID-jabw-t2hb-q3e9","summary":"An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9848","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.567","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56752","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9848"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9848"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jabw-t2hb-q3e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98174?format=json","vulnerability_id":"VCID-jemb-avnk-c7eb","summary":"An issue was discovered in phpMyAdmin. In the \"User group\" and \"Designer\" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6616","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5312","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53182","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6616"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6616"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jemb-avnk-c7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38274?format=json","vulnerability_id":"VCID-jmn8-a5r9-2qc8","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6622","reference_id":"","reference_type":"","scores":[{"value":"0.00944","scoring_system":"epss","scoring_elements":"0.7669","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00944","scoring_system":"epss","scoring_elements":"0.7666","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-45","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6622","reference_id":"CVE-2016-6622","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6622","GHSA-qf3f-7x69-qfv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmn8-a5r9-2qc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98167?format=json","vulnerability_id":"VCID-jxf7-1cq4-t3cv","summary":"phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5734","reference_id":"","reference_type":"","scores":[{"value":"0.87019","scoring_system":"epss","scoring_elements":"0.99456","published_at":"2026-06-04T12:55:00Z"},{"value":"0.87019","scoring_system":"epss","scoring_elements":"0.99457","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5734"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1cc7466db3a05e95fe57a6702f41773e6829d54b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1cc7466db3a05e95fe57a6702f41773e6829d54b"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/4bcc606225f15bac0b07780e74f667f6ac283da7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/4bcc606225f15bac0b07780e74f667f6ac283da7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5734","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5734"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223418/http://www.securityfocus.com/bid/91387","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223418/http://www.securityfocus.com/bid/91387"},{"reference_url":"https://www.exploit-db.com/exploits/40185","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/40185"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-27","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-27"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40185.py","reference_id":"CVE-2016-5734","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/40185.py"},{"reference_url":"https://github.com/advisories/GHSA-rv57-479x-x4qv","reference_id":"GHSA-rv57-479x-x4qv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rv57-479x-x4qv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5734","GHSA-rv57-479x-x4qv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf7-1cq4-t3cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38149?format=json","vulnerability_id":"VCID-k5ph-wws1-fqg4","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `examples/openid.php` in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5731","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62546","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.625","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/52e7898","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/52e7898"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fefa51","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fefa51"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/d005ba6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/d005ba6"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-24","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-24"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5731","reference_id":"CVE-2016-5731","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5731"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5731","GHSA-mwm8-36c5-j5cf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5ph-wws1-fqg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52056?format=json","vulnerability_id":"VCID-kfr7-v6tb-eqau","summary":"SQL Injection\nA crafted database/table name can be used to trigger a SQL injection attack through the designer feature.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18622","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68544","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68503","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/"},{"reference_url":"https://security.gentoo.org/glsa/202003-39","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202003-39"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-5"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-5/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349","reference_id":"945349","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18622","reference_id":"CVE-2019-18622","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18622"},{"reference_url":"https://github.com/advisories/GHSA-jgjc-332c-8cmc","reference_id":"GHSA-jgjc-332c-8cmc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jgjc-332c-8cmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-18622","GHSA-jgjc-332c-8cmc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfr7-v6tb-eqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39583?format=json","vulnerability_id":"VCID-kfrx-mmr7-euep","summary":"Cross-Site Request Forgery (CSRF)\nphpMyAdm has CSRF, allowing an attacker to execute arbitrary SQL statements, related to `js/db_operations.js`, `js/tbl_operations.js`, `libraries/classes/Operations.php`, and `sql.php.`","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10188","reference_id":"","reference_type":"","scores":[{"value":"0.0065","scoring_system":"epss","scoring_elements":"0.71236","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0065","scoring_system":"epss","scoring_elements":"0.7128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641"},{"reference_url":"https://www.exploit-db.com/exploits/44496","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44496"},{"reference_url":"https://www.exploit-db.com/exploits/44496/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/44496/"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2018-2"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-2/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-2/"},{"reference_url":"http://www.securityfocus.com/bid/103936","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103936"},{"reference_url":"http://www.securitytracker.com/id/1040752","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1040752"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490","reference_id":"896490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html","reference_id":"CVE-2018-10188","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10188","reference_id":"CVE-2018-10188","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10188"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2018-10188","GHSA-v6fp-h79x-9rqc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfrx-mmr7-euep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98171?format=json","vulnerability_id":"VCID-kwtj-jk24-zffq","summary":"An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6611","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68338","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68381","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6611"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6611"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwtj-jk24-zffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44313?format=json","vulnerability_id":"VCID-m2g6-2ztp-tuam","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22452","reference_id":"","reference_type":"","scores":[{"value":"0.03245","scoring_system":"epss","scoring_elements":"0.87375","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03245","scoring_system":"epss","scoring_elements":"0.87353","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22452"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/issues/15898","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/"}],"url":"https://github.com/phpmyadmin/phpmyadmin/issues/15898"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/pull/16004","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/"}],"url":"https://github.com/phpmyadmin/phpmyadmin/pull/16004"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog","reference_id":"ChangeLog","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/"}],"url":"https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22452","reference_id":"CVE-2020-22452","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22452"},{"reference_url":"https://github.com/advisories/GHSA-prcg-mc23-hgjh","reference_id":"GHSA-prcg-mc23-hgjh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prcg-mc23-hgjh"},{"reference_url":"http://phpmyadmin.com","reference_id":"phpmyadmin.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/"}],"url":"http://phpmyadmin.com"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-22452","GHSA-prcg-mc23-hgjh"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2g6-2ztp-tuam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44442?format=json","vulnerability_id":"VCID-m3kq-1cfg-mkgc","summary":"Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin\nIn phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25727","reference_id":"","reference_type":"","scores":[{"value":"0.09658","scoring_system":"epss","scoring_elements":"0.93059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09658","scoring_system":"epss","scoring_elements":"0.93048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2023-1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2023-1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25727","reference_id":"CVE-2023-25727","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25727"},{"reference_url":"https://github.com/advisories/GHSA-6hr3-44gx-g6wh","reference_id":"GHSA-6hr3-44gx-g6wh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6hr3-44gx-g6wh"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2023-1/","reference_id":"PMASA-2023-1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/"}],"url":"https://www.phpmyadmin.net/security/PMASA-2023-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195444?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gx8h-5h14-dqez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1"}],"aliases":["CVE-2023-25727","GHSA-6hr3-44gx-g6wh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kq-1cfg-mkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98192?format=json","vulnerability_id":"VCID-m59w-cug5-wbe2","summary":"An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9862","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61341","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61389","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9862"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9862"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m59w-cug5-wbe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38285?format=json","vulnerability_id":"VCID-mgu4-pf1x-r3dy","summary":"Cross-site Scripting\nXSS issues were discovered in phpMyAdmin. This affects the database privilege check and the \"Remove partitioning\" functionality. Specially crafted database names can trigger the XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6608","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55129","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5507","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-31"},{"reference_url":"http://www.securityfocus.com/bid/93258","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6608","reference_id":"CVE-2016-6608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6608","GHSA-jfmj-27fp-qp67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgu4-pf1x-r3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98149?format=json","vulnerability_id":"VCID-mxn5-bh7q-gkdb","summary":"The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7873.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7873","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7057","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70612","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2b31866fe0b30b867aaf5b5fedb11adb354e037f","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2b31866fe0b30b867aaf5b5fedb11adb354e037f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7873","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7873"},{"reference_url":"https://web.archive.org/web/20161014120907/http://www.securitytracker.com/id/1034013","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014120907/http://www.securitytracker.com/id/1034013"},{"reference_url":"https://web.archive.org/web/20200228052850/http://www.securityfocus.com/bid/77299","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228052850/http://www.securityfocus.com/bid/77299"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2015-5","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2015-5"},{"reference_url":"http://www.debian.org/security/2015/dsa-3382","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275108","reference_id":"1275108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275108"},{"reference_url":"https://github.com/advisories/GHSA-5pmg-qh2c-7j24","reference_id":"GHSA-5pmg-qh2c-7j24","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5pmg-qh2c-7j24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-7873","GHSA-5pmg-qh2c-7j24"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxn5-bh7q-gkdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52077?format=json","vulnerability_id":"VCID-mzuh-5e5y-d3hr","summary":"Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php` and `libraries/classes/Footer.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19617","reference_id":"","reference_type":"","scores":[{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77304","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released"},{"reference_url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19617","reference_id":"CVE-2019-19617","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19617"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-19617","GHSA-pgph-mc4p-f8c3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzuh-5e5y-d3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98175?format=json","vulnerability_id":"VCID-n53q-r421-affh","summary":"An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6617","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54322","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54379","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6617"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6617"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n53q-r421-affh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38278?format=json","vulnerability_id":"VCID-n66y-s36g-fqck","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9860","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72539","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72579","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9860"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-65","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-65"},{"reference_url":"http://www.securityfocus.com/bid/94525","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94525"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9860","reference_id":"CVE-2016-9860","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9860"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9860","GHSA-3hw5-fffc-qrg4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n66y-s36g-fqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97888?format=json","vulnerability_id":"VCID-np5w-chxm-cyak","summary":"The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8980","reference_id":"","reference_type":"","scores":[{"value":"0.04573","scoring_system":"epss","scoring_elements":"0.89396","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04573","scoring_system":"epss","scoring_elements":"0.89414","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8980"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851770","reference_id":"851770","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851770"},{"reference_url":"https://usn.ubuntu.com/USN-4779-1/","reference_id":"USN-USN-4779-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4779-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-8980"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-np5w-chxm-cyak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38283?format=json","vulnerability_id":"VCID-nuju-ekmt-k7g9","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by `ArbitraryServerRegexp`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6629","reference_id":"","reference_type":"","scores":[{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77083","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-52","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-52"},{"reference_url":"http://www.securityfocus.com/bid/92493","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6629","reference_id":"CVE-2016-6629","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6629","GHSA-567r-vqj7-5cw7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuju-ekmt-k7g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38271?format=json","vulnerability_id":"VCID-nv3j-xj42-wfcw","summary":"Incomplete List of Disallowed Inputs\nAn issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9861","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4492","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44989","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9861"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-66","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-66"},{"reference_url":"http://www.securityfocus.com/bid/94535","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94535"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9861","reference_id":"CVE-2016-9861","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9861"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9861","GHSA-r326-mp8g-6xfc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv3j-xj42-wfcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39428?format=json","vulnerability_id":"VCID-p1jn-sxds-mqd1","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `db_central_columns.php` in phpMyAdm allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7260","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53817","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5376","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3"},{"reference_url":"https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2018-1"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-1/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-1/"},{"reference_url":"http://www.securityfocus.com/bid/103099","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103099"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539","reference_id":"893539","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539"},{"reference_url":"https://security.archlinux.org/ASA-201802-11","reference_id":"ASA-201802-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-11"},{"reference_url":"https://security.archlinux.org/AVG-630","reference_id":"AVG-630","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-630"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7260","reference_id":"CVE-2018-7260","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7260"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2018-7260","GHSA-gqmj-f46x-wqhw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1jn-sxds-mqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98189?format=json","vulnerability_id":"VCID-p361-saxs-97g9","summary":"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9855","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.6637","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66411","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9855"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p361-saxs-97g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38045?format=json","vulnerability_id":"VCID-pfdk-db4h-47dx","summary":"Cross-site Scripting\nA Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2559","reference_id":"","reference_type":"","scores":[{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50647","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00269","scoring_system":"epss","scoring_elements":"0.50585","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2559"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-10","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-10"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-10/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-10/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2559","reference_id":"CVE-2016-2559","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2559","GHSA-7rf8-9r8f-qf59"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pfdk-db4h-47dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98145?format=json","vulnerability_id":"VCID-pnry-rv8t-v3ff","summary":"libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2206","reference_id":"","reference_type":"","scores":[{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76298","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76326","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-2206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnry-rv8t-v3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98195?format=json","vulnerability_id":"VCID-q2wv-kbra-5kg8","summary":"An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9865","reference_id":"","reference_type":"","scores":[{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.79258","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01202","scoring_system":"epss","scoring_elements":"0.79284","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9865"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2wv-kbra-5kg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39595?format=json","vulnerability_id":"VCID-q45d-5bf4-tff5","summary":"Improper Privilege Management\nAn issue was discovered in `libraries/common` which allows users who have no password set to log in even if the administrator has set `$cfg['Servers'][$i]['AllowNoPassword']` to `false` (which is also the default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18264","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54057","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18264"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-8"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-8/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-8/"},{"reference_url":"http://www.securityfocus.com/bid/97211","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97211"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18264","reference_id":"CVE-2017-18264","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18264"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-18264","GHSA-5868-g58j-vrj5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q45d-5bf4-tff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38273?format=json","vulnerability_id":"VCID-q7pe-bvr1-g3bc","summary":"Cryptographic Issues\nAn issue was discovered in phpMyAdmin. When the user does not specify a `blowfish_secret` key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's `blowfish_secret` and potentially decrypt their cookies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9847","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62854","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62896","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9847"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-58","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-58"},{"reference_url":"http://www.securityfocus.com/bid/94524","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94524"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9847","reference_id":"CVE-2016-9847","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9847","GHSA-9xhq-pm7v-693p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7pe-bvr1-g3bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41052?format=json","vulnerability_id":"VCID-q7rn-1612-quau","summary":"SQL Injection\nA vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11768","reference_id":"","reference_type":"","scores":[{"value":"0.01109","scoring_system":"epss","scoring_elements":"0.78468","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01109","scoring_system":"epss","scoring_elements":"0.78495","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-3"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-3/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-3/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048","reference_id":"930048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11768","reference_id":"CVE-2019-11768","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11768"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-11768","GHSA-x37v-98f9-mj32"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7rn-1612-quau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98188?format=json","vulnerability_id":"VCID-q7zq-5xpn-93dd","summary":"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9854","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.6637","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66411","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9854"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q7zq-5xpn-93dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98193?format=json","vulnerability_id":"VCID-qeac-129m-1udw","summary":"An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9863","reference_id":"","reference_type":"","scores":[{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7106","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.71103","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9863"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9863","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9863"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-68","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-68"},{"reference_url":"https://github.com/advisories/GHSA-qgrq-64g6-mmh6","reference_id":"GHSA-qgrq-64g6-mmh6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qgrq-64g6-mmh6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9863","GHSA-qgrq-64g6-mmh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qeac-129m-1udw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53706?format=json","vulnerability_id":"VCID-qmj2-pxvt-zqes","summary":"Cross-site Scripting\nphpMyAdmin allows XSS through the transformation feature via a crafted link.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26934","reference_id":"","reference_type":"","scores":[{"value":"0.02788","scoring_system":"epss","scoring_elements":"0.86377","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02788","scoring_system":"epss","scoring_elements":"0.86354","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26934"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5"},{"reference_url":"https://security.gentoo.org/glsa/202101-35","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202101-35"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-5"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-5/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999","reference_id":"971999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26934","reference_id":"CVE-2020-26934","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26934"},{"reference_url":"https://github.com/advisories/GHSA-6349-53vr-7hcr","reference_id":"GHSA-6349-53vr-7hcr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6349-53vr-7hcr"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2020-26934","GHSA-6349-53vr-7hcr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmj2-pxvt-zqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44050?format=json","vulnerability_id":"VCID-qpj7-uk5e-nbez","summary":"phpMyAdmin vulnerable to Cross-site Scripting\nsetup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5701","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64392","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64348","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-17","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-17"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5701","reference_id":"CVE-2016-5701","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5701"},{"reference_url":"https://github.com/advisories/GHSA-rh74-5835-jpxp","reference_id":"GHSA-rh74-5835-jpxp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rh74-5835-jpxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5701","GHSA-rh74-5835-jpxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpj7-uk5e-nbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38276?format=json","vulnerability_id":"VCID-qqyb-zags-bbhz","summary":"Incomplete Cleanup\nAn issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6632","reference_id":"","reference_type":"","scores":[{"value":"0.00574","scoring_system":"epss","scoring_elements":"0.69162","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00574","scoring_system":"epss","scoring_elements":"0.69122","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-55","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-55"},{"reference_url":"http://www.securityfocus.com/bid/92497","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92497"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6632","reference_id":"CVE-2016-6632","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6632"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6632","GHSA-426q-975p-w5cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqyb-zags-bbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98172?format=json","vulnerability_id":"VCID-r3z5-cc6j-8yg6","summary":"An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6614","reference_id":"","reference_type":"","scores":[{"value":"0.0111","scoring_system":"epss","scoring_elements":"0.7848","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0111","scoring_system":"epss","scoring_elements":"0.78506","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6614"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3z5-cc6j-8yg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40501?format=json","vulnerability_id":"VCID-r4zz-m2mr-9qeb","summary":"Cross-Site Request Forgery (CSRF)\nBy deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19969","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63408","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63451","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969"},{"reference_url":"https://security.gentoo.org/glsa/201904-16","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201904-16"},{"reference_url":"https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2018-7"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-7/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-7/"},{"reference_url":"http://www.securityfocus.com/bid/106175","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19969","reference_id":"CVE-2018-19969","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19969"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2018-19969","GHSA-xwf2-53mc-r8hx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-m2mr-9qeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44163?format=json","vulnerability_id":"VCID-r9sb-489v-fqc9","summary":"phpMyAdmin Cryptographic Vulnerability\nThe suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1927","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70629","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1927","reference_id":"CVE-2016-1927","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1927"},{"reference_url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr","reference_id":"GHSA-4gmg-gwjh-3mmr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-1927","GHSA-4gmg-gwjh-3mmr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sb-489v-fqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38275?format=json","vulnerability_id":"VCID-rc63-nakx-ebbe","summary":"Cross-site Scripting\nAn issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9857","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49373","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49434","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9857"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-64","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-64"},{"reference_url":"http://www.securityfocus.com/bid/94530","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94530"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9857","reference_id":"CVE-2016-9857","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9857"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9857","GHSA-hmmx-wxh4-9w8w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc63-nakx-ebbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98191?format=json","vulnerability_id":"VCID-rsrk-jwbt-qfhe","summary":"An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9859","reference_id":"","reference_type":"","scores":[{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68419","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.6846","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9859"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9859"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsrk-jwbt-qfhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39990?format=json","vulnerability_id":"VCID-rx9z-rdmm-5fg6","summary":"Cross-site Scripting\nAn issue was discovered in `js/designer/move.js` in phpMyAdm A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12581","reference_id":"","reference_type":"","scores":[{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60579","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60627","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e"},{"reference_url":"https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530"},{"reference_url":"https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2018-3"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-3/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-3/"},{"reference_url":"http://www.securityfocus.com/bid/104530","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104530"},{"reference_url":"http://www.securitytracker.com/id/1041187","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041187"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12581","reference_id":"CVE-2018-12581","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12581"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2018-12581","GHSA-vxj6-pm6r-23hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rx9z-rdmm-5fg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98166?format=json","vulnerability_id":"VCID-rxz2-tx2n-k3bd","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5732","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45165","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45097","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5732"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/792cd1262f012b9b13639519d414f2acaeb5e972","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/792cd1262f012b9b13639519d414f2acaeb5e972"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5732","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5732"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-25","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-25"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-25/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-25/"},{"reference_url":"https://github.com/advisories/GHSA-3q28-xfw3-2q35","reference_id":"GHSA-3q28-xfw3-2q35","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3q28-xfw3-2q35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5732","GHSA-3q28-xfw3-2q35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxz2-tx2n-k3bd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38280?format=json","vulnerability_id":"VCID-rz6q-hthe-1uer","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. A user can exploit the \"LOAD LOCAL INFILE\" functionality to expose files on the server to the database system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6612","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55792","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55735","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-35","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-35"},{"reference_url":"http://www.securityfocus.com/bid/94113","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94113"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6612","reference_id":"CVE-2016-6612","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6612","GHSA-fcgm-62p3-f7cm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6q-hthe-1uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98147?format=json","vulnerability_id":"VCID-s88e-r2gd-9yep","summary":"libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3903","reference_id":"","reference_type":"","scores":[{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79013","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.7904","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-3903"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s88e-r2gd-9yep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38284?format=json","vulnerability_id":"VCID-segg-gk79-9bc6","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9851","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47525","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9851"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-62","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-62"},{"reference_url":"http://www.securityfocus.com/bid/94534","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94534"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9851","reference_id":"CVE-2016-9851","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9851","GHSA-r2vw-p77f-vc27"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-segg-gk79-9bc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43887?format=json","vulnerability_id":"VCID-tvfz-v881-sufp","summary":"phpMyAdmin Denial Of Service (DOS) attack\njs/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5706","reference_id":"","reference_type":"","scores":[{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.8633","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86352","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-22"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.securityfocus.com/bid/91376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/91376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5706","reference_id":"CVE-2016-5706","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5706"},{"reference_url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv","reference_id":"GHSA-9rmm-8fp4-26hv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5706","GHSA-9rmm-8fp4-26hv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfz-v881-sufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38679?format=json","vulnerability_id":"VCID-txba-1at4-ekg2","summary":"URL Redirection to Untrusted Site (Open Redirect)\nphpMyAdmin is vulnerable to an open redirect weakness.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000013","reference_id":"","reference_type":"","scores":[{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47182","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00239","scoring_system":"epss","scoring_elements":"0.47248","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000013"},{"reference_url":"https://web.archive.org/web/20210123220100/http://www.securityfocus.com/bid/95720","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123220100/http://www.securityfocus.com/bid/95720"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-1"},{"reference_url":"http://www.securityfocus.com/bid/95720","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95720"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000013","reference_id":"CVE-2017-1000013","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-1000013","GHSA-5h5m-fj48-qpjw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98148?format=json","vulnerability_id":"VCID-uc6b-5sj1-9yg2","summary":"libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6830","reference_id":"","reference_type":"","scores":[{"value":"0.21219","scoring_system":"epss","scoring_elements":"0.95784","published_at":"2026-06-05T12:55:00Z"},{"value":"0.21219","scoring_system":"epss","scoring_elements":"0.95778","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6830"},{"reference_url":"https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674"},{"reference_url":"https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2015-4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2015-4"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2015-4/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2015-4/"},{"reference_url":"http://www.debian.org/security/2015/dsa-3382","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3382"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/52414.py","reference_id":"CVE-2015-6830","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/52414.py"},{"reference_url":"https://github.com/advisories/GHSA-v6fh-vg22-r6cm","reference_id":"GHSA-v6fh-vg22-r6cm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6fh-vg22-r6cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-6830","GHSA-v6fh-vg22-r6cm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uc6b-5sj1-9yg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38277?format=json","vulnerability_id":"VCID-utga-335m-dua9","summary":"Cross-site Scripting\nAn XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9856","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49373","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9856"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-64","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-64"},{"reference_url":"http://www.securityfocus.com/bid/94530","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94530"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9856","reference_id":"CVE-2016-9856","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9856","GHSA-j8mx-x32r-5rf4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utga-335m-dua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98186?format=json","vulnerability_id":"VCID-v1kx-5wa1-r7he","summary":"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9852","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.6637","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66411","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9852"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kx-5wa1-r7he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98194?format=json","vulnerability_id":"VCID-vpf2-5j4s-jqeb","summary":"An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9864","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48175","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62193","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9864"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-9864"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpf2-5j4s-jqeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98181?format=json","vulnerability_id":"VCID-vxc7-fwud-33an","summary":"An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6630","reference_id":"","reference_type":"","scores":[{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72171","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72213","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6630"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6630"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxc7-fwud-33an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51809?format=json","vulnerability_id":"VCID-w6nk-akeh-4ufg","summary":"Cross-Site Request Forgery (CSRF)\nA CSRF issue in phpMyAdmin allows deletion of any server in the Setup page.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12922","reference_id":"","reference_type":"","scores":[{"value":"0.31957","scoring_system":"epss","scoring_elements":"0.96908","published_at":"2026-06-04T12:55:00Z"},{"value":"0.31957","scoring_system":"epss","scoring_elements":"0.96912","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Sep/23","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Sep/23"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN"},{"reference_url":"https://www.exploit-db.com/exploits/47385","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/47385"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt","reference_id":"CVE-2019-12922","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12922","reference_id":"CVE-2019-12922","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12922"},{"reference_url":"https://github.com/advisories/GHSA-4c9q-64gq-xhx4","reference_id":"GHSA-4c9q-64gq-xhx4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c9q-64gq-xhx4"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195443?format=json","purl":"pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dmqy-9xth-cuhs"},{"vulnerability":"VCID-gx8h-5h14-dqez"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1"}],"aliases":["CVE-2019-12922","GHSA-4c9q-64gq-xhx4"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6nk-akeh-4ufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98180?format=json","vulnerability_id":"VCID-x75q-4y74-d3gt","summary":"An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6627","reference_id":"","reference_type":"","scores":[{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57705","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57757","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6627"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6627"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x75q-4y74-d3gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38272?format=json","vulnerability_id":"VCID-xqf5-yxf3-u3he","summary":"Cross-site Scripting\nAn issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6628","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49487","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49425","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-51","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-51"},{"reference_url":"http://www.securityfocus.com/bid/92492","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628","reference_id":"CVE-2016-6628","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6628","GHSA-phhm-63xx-v9rr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqf5-yxf3-u3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98169?format=json","vulnerability_id":"VCID-zmjf-j2zs-23ey","summary":"XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6607","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57569","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57622","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6607"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6607"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjf-j2zs-23ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38685?format=json","vulnerability_id":"VCID-zvcj-g6rt-s3de","summary":"Server-Side Request Forgery (SSRF)\nphpMyAdmin is vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000017","reference_id":"","reference_type":"","scores":[{"value":"0.0092","scoring_system":"epss","scoring_elements":"0.76369","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0092","scoring_system":"epss","scoring_elements":"0.76341","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000017"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2017-6"},{"reference_url":"http://www.securityfocus.com/bid/95732","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95732"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000017","reference_id":"CVE-2017-1000017","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000017"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2017-1000017","GHSA-99xj-xqc9-98hr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvcj-g6rt-s3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98178?format=json","vulnerability_id":"VCID-zyes-82y3-g7dh","summary":"An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6623","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69446","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69485","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6623"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6623","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6623"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-46","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-46"},{"reference_url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm","reference_id":"GHSA-2mcj-3r3r-v5wm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-6623","GHSA-2mcj-3r3r-v5wm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyes-82y3-g7dh"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98162?format=json","vulnerability_id":"VCID-1drk-gzqj-2qc5","summary":"Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5099","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66058","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5099"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1drk-gzqj-2qc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38033?format=json","vulnerability_id":"VCID-1hvw-4h4d-zkhv","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2040","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66068","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66016","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040","reference_id":"CVE-2016-2040","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2040","GHSA-pw34-qf6c-84fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98158?format=json","vulnerability_id":"VCID-27w6-zhxk-x7e7","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2561","reference_id":"","reference_type":"","scores":[{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67632","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67673","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2561"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27w6-zhxk-x7e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43920?format=json","vulnerability_id":"VCID-33mh-s92h-c7ht","summary":"phpMyAdmin vulnerable to Cross-Site Request Forgery\nThe Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5739","reference_id":"","reference_type":"","scores":[{"value":"0.00919","scoring_system":"epss","scoring_elements":"0.76367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00919","scoring_system":"epss","scoring_elements":"0.76339","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223419/http://www.securityfocus.com/bid/91389","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223419/http://www.securityfocus.com/bid/91389"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-28"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5739","reference_id":"CVE-2016-5739","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5739"},{"reference_url":"https://github.com/advisories/GHSA-2p7v-jm8m-g3qq","reference_id":"GHSA-2p7v-jm8m-g3qq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2p7v-jm8m-g3qq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5739","GHSA-2p7v-jm8m-g3qq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33mh-s92h-c7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38034?format=json","vulnerability_id":"VCID-4kax-4bpz-g7c5","summary":"Covert Timing Channel\n`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2041","reference_id":"","reference_type":"","scores":[{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77659","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01029","scoring_system":"epss","scoring_elements":"0.77687","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041","reference_id":"CVE-2016-2041","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2041","GHSA-8m97-xc46-rw9w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98139?format=json","vulnerability_id":"VCID-7ntf-d3af-nbbk","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8958","reference_id":"","reference_type":"","scores":[{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.69981","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00604","scoring_system":"epss","scoring_elements":"0.70022","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273448?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"}],"aliases":["CVE-2014-8958"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ntf-d3af-nbbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43916?format=json","vulnerability_id":"VCID-bddg-5zgr-3uew","summary":"phpMyAdmin vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an \"invalid JSON\" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5705","reference_id":"","reference_type":"","scores":[{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.69998","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00605","scoring_system":"epss","scoring_elements":"0.70039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-21"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5705","reference_id":"CVE-2016-5705","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5705"},{"reference_url":"https://github.com/advisories/GHSA-6q2j-8h8q-46mr","reference_id":"GHSA-6q2j-8h8q-46mr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6q2j-8h8q-46mr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5705","GHSA-6q2j-8h8q-46mr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bddg-5zgr-3uew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98152?format=json","vulnerability_id":"VCID-crn9-f6qt-qfg5","summary":"libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2039","reference_id":"","reference_type":"","scores":[{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59897","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00382","scoring_system":"epss","scoring_elements":"0.59944","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2039"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crn9-f6qt-qfg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98146?format=json","vulnerability_id":"VCID-cz55-m46r-37gb","summary":"Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3902","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44306","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44375","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-3902"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cz55-m46r-37gb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44087?format=json","vulnerability_id":"VCID-gqxb-6rey-rbhv","summary":"phpMyAdmin vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5733","reference_id":"","reference_type":"","scores":[{"value":"0.01085","scoring_system":"epss","scoring_elements":"0.78254","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01085","scoring_system":"epss","scoring_elements":"0.78228","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223017/http://www.securityfocus.com/bid/91390","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223017/http://www.securityfocus.com/bid/91390"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-26","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-26"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5733","reference_id":"CVE-2016-5733","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5733"},{"reference_url":"https://github.com/advisories/GHSA-cr65-p662-fx5c","reference_id":"GHSA-cr65-p662-fx5c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cr65-p662-fx5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5733","GHSA-cr65-p662-fx5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqxb-6rey-rbhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98157?format=json","vulnerability_id":"VCID-hw5n-kv9r-8yej","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2560","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80371","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-2560"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hw5n-kv9r-8yej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98143?format=json","vulnerability_id":"VCID-jvvf-kwtm-6qb7","summary":"libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9218","reference_id":"","reference_type":"","scores":[{"value":"0.15266","scoring_system":"epss","scoring_elements":"0.94744","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15266","scoring_system":"epss","scoring_elements":"0.94752","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774194","reference_id":"774194","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774194"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/35539.txt","reference_id":"CVE-2014-9218;OSVDB-115322","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/35539.txt"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273448?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"}],"aliases":["CVE-2014-9218"],"risk_score":0.2,"exploitability":"2.0","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvf-kwtm-6qb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38149?format=json","vulnerability_id":"VCID-k5ph-wws1-fqg4","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `examples/openid.php` in phpMyAdmin allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5731","reference_id":"","reference_type":"","scores":[{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.62546","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00424","scoring_system":"epss","scoring_elements":"0.625","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/52e7898","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/52e7898"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fefa51","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fefa51"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/d005ba6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/d005ba6"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-24","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-24"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5731","reference_id":"CVE-2016-5731","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5731"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5731","GHSA-mwm8-36c5-j5cf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5ph-wws1-fqg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98149?format=json","vulnerability_id":"VCID-mxn5-bh7q-gkdb","summary":"The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7873.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7873","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7057","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70612","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2b31866fe0b30b867aaf5b5fedb11adb354e037f","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2b31866fe0b30b867aaf5b5fedb11adb354e037f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7873","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7873"},{"reference_url":"https://web.archive.org/web/20161014120907/http://www.securitytracker.com/id/1034013","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161014120907/http://www.securitytracker.com/id/1034013"},{"reference_url":"https://web.archive.org/web/20200228052850/http://www.securityfocus.com/bid/77299","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228052850/http://www.securityfocus.com/bid/77299"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2015-5","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2015-5"},{"reference_url":"http://www.debian.org/security/2015/dsa-3382","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275108","reference_id":"1275108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275108"},{"reference_url":"https://github.com/advisories/GHSA-5pmg-qh2c-7j24","reference_id":"GHSA-5pmg-qh2c-7j24","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5pmg-qh2c-7j24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-7873","GHSA-5pmg-qh2c-7j24"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxn5-bh7q-gkdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98145?format=json","vulnerability_id":"VCID-pnry-rv8t-v3ff","summary":"libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2206","reference_id":"","reference_type":"","scores":[{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76298","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00916","scoring_system":"epss","scoring_elements":"0.76326","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-2206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnry-rv8t-v3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44050?format=json","vulnerability_id":"VCID-qpj7-uk5e-nbez","summary":"phpMyAdmin vulnerable to Cross-site Scripting\nsetup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5701","reference_id":"","reference_type":"","scores":[{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64392","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00459","scoring_system":"epss","scoring_elements":"0.64348","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-17","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-17"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5701","reference_id":"CVE-2016-5701","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5701"},{"reference_url":"https://github.com/advisories/GHSA-rh74-5835-jpxp","reference_id":"GHSA-rh74-5835-jpxp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rh74-5835-jpxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5701","GHSA-rh74-5835-jpxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpj7-uk5e-nbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44163?format=json","vulnerability_id":"VCID-r9sb-489v-fqc9","summary":"phpMyAdmin Cryptographic Vulnerability\nThe suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1927","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70629","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1927","reference_id":"CVE-2016-1927","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1927"},{"reference_url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr","reference_id":"GHSA-4gmg-gwjh-3mmr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-1927","GHSA-4gmg-gwjh-3mmr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sb-489v-fqc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98147?format=json","vulnerability_id":"VCID-s88e-r2gd-9yep","summary":"libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3903","reference_id":"","reference_type":"","scores":[{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79013","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.7904","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-3903"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s88e-r2gd-9yep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43887?format=json","vulnerability_id":"VCID-tvfz-v881-sufp","summary":"phpMyAdmin Denial Of Service (DOS) attack\njs/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5706","reference_id":"","reference_type":"","scores":[{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.8633","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86352","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-22"},{"reference_url":"http://www.debian.org/security/2016/dsa-3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3627"},{"reference_url":"http://www.securityfocus.com/bid/91376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/91376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5706","reference_id":"CVE-2016-5706","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5706"},{"reference_url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv","reference_id":"GHSA-9rmm-8fp4-26hv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2016-5706","GHSA-9rmm-8fp4-26hv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfz-v881-sufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98148?format=json","vulnerability_id":"VCID-uc6b-5sj1-9yg2","summary":"libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6830","reference_id":"","reference_type":"","scores":[{"value":"0.21219","scoring_system":"epss","scoring_elements":"0.95784","published_at":"2026-06-05T12:55:00Z"},{"value":"0.21219","scoring_system":"epss","scoring_elements":"0.95778","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6830"},{"reference_url":"https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674"},{"reference_url":"https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2015-4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2015-4"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2015-4/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2015-4/"},{"reference_url":"http://www.debian.org/security/2015/dsa-3382","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3382"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/52414.py","reference_id":"CVE-2015-6830","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/52414.py"},{"reference_url":"https://github.com/advisories/GHSA-v6fh-vg22-r6cm","reference_id":"GHSA-v6fh-vg22-r6cm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6fh-vg22-r6cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/203681?format=json","purl":"pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aqb-7an7-mbed"},{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3trr-z4gq-pbdr"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7ntf-d3af-nbbk"},{"vulnerability":"VCID-7pwj-c6c4-gbeq"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-858m-cbw6-cfc1"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-9z7g-cffj-1ufe"},{"vulnerability":"VCID-a4fa-ms27-93fn"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-ajmz-kfxh-sqaf"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-bshf-rz9w-3yb3"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-e677-1yaz-g3em"},{"vulnerability":"VCID-fc5a-pvtd-wkcz"},{"vulnerability":"VCID-fsub-2bfp-8qbw"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-hyn6-xxxq-57f4"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jvvf-kwtm-6qb7"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k3fp-nkvv-e3fa"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-krmp-qvw1-n7b6"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pdmq-pgqp-5qft"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qbjt-k4x8-gya5"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qpsr-xv8c-b3gj"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-sj19-5q5e-j7ah"},{"vulnerability":"VCID-snke-vmcg-xfd2"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-ufzd-pbge-6qhk"},{"vulnerability":"VCID-ur19-yjak-vqdd"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-v69j-7vk9-e3d4"},{"vulnerability":"VCID-v6xv-djkp-4kgw"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-vxj9-zxns-kkh9"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-ww5r-71kf-tfgr"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xgnx-jteb-myf7"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.11.1-2%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273449?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.2.12-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1drk-gzqj-2qc5"},{"vulnerability":"VCID-1hvw-4h4d-zkhv"},{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-27w6-zhxk-x7e7"},{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-2vqn-z4en-duh4"},{"vulnerability":"VCID-31jg-3pzb-y3b6"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-33kv-ye2c-ebax"},{"vulnerability":"VCID-33mh-s92h-c7ht"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-3va7-xx14-gkds"},{"vulnerability":"VCID-44uc-xrvp-7bet"},{"vulnerability":"VCID-4avx-e9mf-2yb1"},{"vulnerability":"VCID-4kax-4bpz-g7c5"},{"vulnerability":"VCID-4vgu-cagj-hfhb"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5bu8-wy7w-bqfc"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-6gs5-cswx-bfeb"},{"vulnerability":"VCID-7avk-rmwd-yugt"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-84n7-nzzg-juhz"},{"vulnerability":"VCID-8jt7-y15v-83gj"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-8yxm-e33n-d7gj"},{"vulnerability":"VCID-9nh7-ny6c-n3cd"},{"vulnerability":"VCID-9tdu-572c-tbb2"},{"vulnerability":"VCID-ajeh-4q9t-sydz"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-b4jk-yjfy-pfcv"},{"vulnerability":"VCID-b6ng-ygap-zqh4"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-bddg-5zgr-3uew"},{"vulnerability":"VCID-btc1-yng3-ckhx"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-crn9-f6qt-qfg5"},{"vulnerability":"VCID-cth2-72mg-6yfr"},{"vulnerability":"VCID-cz55-m46r-37gb"},{"vulnerability":"VCID-d7jk-a94y-n3ca"},{"vulnerability":"VCID-dbk1-n9kh-dfhm"},{"vulnerability":"VCID-dfsz-1y13-yug9"},{"vulnerability":"VCID-dgvs-kqpd-gfcy"},{"vulnerability":"VCID-dj5f-y77j-d7dx"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-g2uy-ekyf-4bcj"},{"vulnerability":"VCID-gmjk-222y-abda"},{"vulnerability":"VCID-gqxb-6rey-rbhv"},{"vulnerability":"VCID-gtps-py3z-13cu"},{"vulnerability":"VCID-gzwb-ju7m-juf7"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-hbp6-s544-pqaw"},{"vulnerability":"VCID-hw5n-kv9r-8yej"},{"vulnerability":"VCID-j589-8hrn-9bae"},{"vulnerability":"VCID-jabw-t2hb-q3e9"},{"vulnerability":"VCID-jemb-avnk-c7eb"},{"vulnerability":"VCID-jmn8-a5r9-2qc8"},{"vulnerability":"VCID-jxf7-1cq4-t3cv"},{"vulnerability":"VCID-k5ph-wws1-fqg4"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-kwtj-jk24-zffq"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-m59w-cug5-wbe2"},{"vulnerability":"VCID-mgu4-pf1x-r3dy"},{"vulnerability":"VCID-mxn5-bh7q-gkdb"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n53q-r421-affh"},{"vulnerability":"VCID-n66y-s36g-fqck"},{"vulnerability":"VCID-np5w-chxm-cyak"},{"vulnerability":"VCID-nuju-ekmt-k7g9"},{"vulnerability":"VCID-nv3j-xj42-wfcw"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-p361-saxs-97g9"},{"vulnerability":"VCID-pfdk-db4h-47dx"},{"vulnerability":"VCID-pnry-rv8t-v3ff"},{"vulnerability":"VCID-q2wv-kbra-5kg8"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-q7pe-bvr1-g3bc"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-q7zq-5xpn-93dd"},{"vulnerability":"VCID-qeac-129m-1udw"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-qpj7-uk5e-nbez"},{"vulnerability":"VCID-qqyb-zags-bbhz"},{"vulnerability":"VCID-r3z5-cc6j-8yg6"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-rc63-nakx-ebbe"},{"vulnerability":"VCID-rsrk-jwbt-qfhe"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-rxz2-tx2n-k3bd"},{"vulnerability":"VCID-rz6q-hthe-1uer"},{"vulnerability":"VCID-s88e-r2gd-9yep"},{"vulnerability":"VCID-segg-gk79-9bc6"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-txba-1at4-ekg2"},{"vulnerability":"VCID-uc6b-5sj1-9yg2"},{"vulnerability":"VCID-utga-335m-dua9"},{"vulnerability":"VCID-v1kx-5wa1-r7he"},{"vulnerability":"VCID-vpf2-5j4s-jqeb"},{"vulnerability":"VCID-vxc7-fwud-33an"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-x75q-4y74-d3gt"},{"vulnerability":"VCID-xqf5-yxf3-u3he"},{"vulnerability":"VCID-zmjf-j2zs-23ey"},{"vulnerability":"VCID-zvcj-g6rt-s3de"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/516524?format=json","purl":"pkg:deb/debian/phpmyadmin@4:4.6.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-4wn2-pnbv-sked"},{"vulnerability":"VCID-52xs-45kd-w3hz"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-5jye-2stz-fqam"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-8rvw-n1fg-ffc2"},{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-bd83-vf81-sfa4"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-har4-gaft-m7e8"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-kfrx-mmr7-euep"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-p1jn-sxds-mqd1"},{"vulnerability":"VCID-q7rn-1612-quau"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"},{"vulnerability":"VCID-rx9z-rdmm-5fg6"},{"vulnerability":"VCID-w6nk-akeh-4ufg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.6.6-4%252Bdeb9u1"}],"aliases":["CVE-2015-6830","GHSA-v6fh-vg22-r6cm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uc6b-5sj1-9yg2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:4.2.12-2%252Bdeb8u2"}