{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","type":"apk","namespace":"alpine","name":"phpmyadmin","version":"4.4.15.8-r0","qualifiers":{"arch":"x86","distroversion":"v3.2","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.4.15.9-r0","latest_non_vulnerable_version":"4.4.15.9-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38289?format=json","vulnerability_id":"VCID-4avx-e9mf-2yb1","summary":"Uncontrolled Resouce Consumption\nAn issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6618","reference_id":"","reference_type":"","scores":[{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73661","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73626","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-41","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-41"},{"reference_url":"http://www.securityfocus.com/bid/95047","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95047"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6618","reference_id":"CVE-2016-6618","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6618"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6618","GHSA-rv6m-chvv-wmxg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4avx-e9mf-2yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38287?format=json","vulnerability_id":"VCID-4vgu-cagj-hfhb","summary":"Command Injection\nAn issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61709","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-32","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-32"},{"reference_url":"http://www.securityfocus.com/bid/94112","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6609","reference_id":"CVE-2016-6609","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6609"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6609","GHSA-wpww-hx7x-xfjh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vgu-cagj-hfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98168?format=json","vulnerability_id":"VCID-5bu8-wy7w-bqfc","summary":"An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6606","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59583","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6606"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6606"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bu8-wy7w-bqfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98173?format=json","vulnerability_id":"VCID-8jt7-y15v-83gj","summary":"XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the \"Tracking\" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6615","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55451","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55507","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6615"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6615"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jt7-y15v-83gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98179?format=json","vulnerability_id":"VCID-9nh7-ny6c-n3cd","summary":"An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6626","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49363","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49425","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6626"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nh7-ny6c-n3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98170?format=json","vulnerability_id":"VCID-gzwb-ju7m-juf7","summary":"A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6610","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5545","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6610"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6610"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzwb-ju7m-juf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98182?format=json","vulnerability_id":"VCID-hbp6-s544-pqaw","summary":"An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6631","reference_id":"","reference_type":"","scores":[{"value":"0.04156","scoring_system":"epss","scoring_elements":"0.88865","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04156","scoring_system":"epss","scoring_elements":"0.88883","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6631"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6631"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbp6-s544-pqaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98174?format=json","vulnerability_id":"VCID-jemb-avnk-c7eb","summary":"An issue was discovered in phpMyAdmin. In the \"User group\" and \"Designer\" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6616","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5312","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53182","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6616"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6616"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jemb-avnk-c7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38274?format=json","vulnerability_id":"VCID-jmn8-a5r9-2qc8","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6622","reference_id":"","reference_type":"","scores":[{"value":"0.00944","scoring_system":"epss","scoring_elements":"0.7669","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00944","scoring_system":"epss","scoring_elements":"0.7666","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-45","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-45"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6622","reference_id":"CVE-2016-6622","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6622","GHSA-qf3f-7x69-qfv3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmn8-a5r9-2qc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98171?format=json","vulnerability_id":"VCID-kwtj-jk24-zffq","summary":"An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6611","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68338","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68381","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6611"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6611"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwtj-jk24-zffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38285?format=json","vulnerability_id":"VCID-mgu4-pf1x-r3dy","summary":"Cross-site Scripting\nXSS issues were discovered in phpMyAdmin. This affects the database privilege check and the \"Remove partitioning\" functionality. Specially crafted database names can trigger the XSS attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6608","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55129","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5507","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-31","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-31"},{"reference_url":"http://www.securityfocus.com/bid/93258","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/93258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6608","reference_id":"CVE-2016-6608","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6608"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6608","GHSA-jfmj-27fp-qp67"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgu4-pf1x-r3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98175?format=json","vulnerability_id":"VCID-n53q-r421-affh","summary":"An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6617","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54322","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54379","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6617"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6617"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n53q-r421-affh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38283?format=json","vulnerability_id":"VCID-nuju-ekmt-k7g9","summary":"Improper Input Validation\nAn issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by `ArbitraryServerRegexp`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6629","reference_id":"","reference_type":"","scores":[{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77083","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-52","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-52"},{"reference_url":"http://www.securityfocus.com/bid/92493","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92493"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6629","reference_id":"CVE-2016-6629","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6629"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6629","GHSA-567r-vqj7-5cw7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuju-ekmt-k7g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38276?format=json","vulnerability_id":"VCID-qqyb-zags-bbhz","summary":"Incomplete Cleanup\nAn issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6632","reference_id":"","reference_type":"","scores":[{"value":"0.00574","scoring_system":"epss","scoring_elements":"0.69162","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00574","scoring_system":"epss","scoring_elements":"0.69122","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6632"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-55","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-55"},{"reference_url":"http://www.securityfocus.com/bid/92497","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92497"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6632","reference_id":"CVE-2016-6632","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6632"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6632","GHSA-426q-975p-w5cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqyb-zags-bbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38280?format=json","vulnerability_id":"VCID-rz6q-hthe-1uer","summary":"Information Exposure\nAn issue was discovered in phpMyAdmin. A user can exploit the \"LOAD LOCAL INFILE\" functionality to expose files on the server to the database system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6612","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55792","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55735","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-35","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-35"},{"reference_url":"http://www.securityfocus.com/bid/94113","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/94113"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6612","reference_id":"CVE-2016-6612","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6612"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6612","GHSA-fcgm-62p3-f7cm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6q-hthe-1uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98181?format=json","vulnerability_id":"VCID-vxc7-fwud-33an","summary":"An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6630","reference_id":"","reference_type":"","scores":[{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72171","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72213","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6630"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6630"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxc7-fwud-33an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98180?format=json","vulnerability_id":"VCID-x75q-4y74-d3gt","summary":"An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6627","reference_id":"","reference_type":"","scores":[{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57705","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57757","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6627"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6627"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x75q-4y74-d3gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38272?format=json","vulnerability_id":"VCID-xqf5-yxf3-u3he","summary":"Cross-site Scripting\nAn issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6628","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49487","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49425","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-51","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-51"},{"reference_url":"http://www.securityfocus.com/bid/92492","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/92492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628","reference_id":"CVE-2016-6628","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6628","GHSA-phhm-63xx-v9rr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqf5-yxf3-u3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98178?format=json","vulnerability_id":"VCID-zyes-82y3-g7dh","summary":"An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6623","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69446","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69485","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6623"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6623","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6623"},{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-46","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2016-46"},{"reference_url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm","reference_id":"GHSA-2mcj-3r3r-v5wm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/317754?format=json","purl":"pkg:apk/alpine/phpmyadmin@4.4.15.8-r0?arch=x86&distroversion=v3.2&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}],"aliases":["CVE-2016-6623","GHSA-2mcj-3r3r-v5wm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyes-82y3-g7dh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/phpmyadmin@4.4.15.8-r0%3Farch=x86&distroversion=v3.2&reponame=main"}