Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/33616?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/33616?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "type": "composer", "namespace": "phpmyadmin", "name": "phpmyadmin", "version": "4.8.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.9.11", "latest_non_vulnerable_version": "5.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/221913?format=api", "vulnerability_id": "VCID-2jjv-4en4-e3gx", "summary": "phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because \"the CSV file is accurately generated based on the database contents.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61125", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61247", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61261", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61267", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61249", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61289", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61273", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61277", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.6127", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61219", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-22278" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22278", "reference_id": "CVE-2020-22278", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22278" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81919?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3" } ], "aliases": [ "CVE-2020-22278" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jjv-4en4-e3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54510?format=api", "vulnerability_id": "VCID-5657-kcyh-7bc2", "summary": "phpMyAdmin SQL injection in user accounts page\nIn phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22375", "scoring_system": "epss", "scoring_elements": "0.95856", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.22375", "scoring_system": "epss", "scoring_elements": "0.95834", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.22375", "scoring_system": "epss", "scoring_elements": "0.9584", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.22375", "scoring_system": "epss", "scoring_elements": "0.95843", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.22375", "scoring_system": "epss", "scoring_elements": "0.95844", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95937", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95928", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95908", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95945", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.23238", "scoring_system": "epss", "scoring_elements": "0.95939", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5504" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504" }, { "reference_url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml" }, { "reference_url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5504", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5504" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718", "reference_id": "948718", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt", "reference_id": "CVE-2020-5504", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt" }, { "reference_url": "https://github.com/advisories/GHSA-fgj8-93xx-f6g6", "reference_id": "GHSA-fgj8-93xx-f6g6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fgj8-93xx-f6g6" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81779?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/81780?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.1" } ], "aliases": [ "CVE-2020-5504", "GHSA-fgj8-93xx-f6g6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5657-kcyh-7bc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10254?format=api", "vulnerability_id": "VCID-br1c-5bzf-ufeu", "summary": "SQL Injection\nAn issue was discovered in phpMyAdmin. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67585", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67584", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67578", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67597", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67608", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.6761", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67474", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.6751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00538", "scoring_system": "epss", "scoring_elements": "0.67532", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-2" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-2/" }, { "reference_url": "http://www.securityfocus.com/bid/106727", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106727" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822", "reference_id": "920822", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6798", "reference_id": "CVE-2019-6798", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6798" }, { "reference_url": "https://github.com/advisories/GHSA-f732-fxh6-g4qj", "reference_id": "GHSA-f732-fxh6-g4qj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f732-fxh6-g4qj" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34735?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-scu3-cfyc-9qfz" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-6798", "GHSA-f732-fxh6-g4qj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br1c-5bzf-ufeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58614?format=api", "vulnerability_id": "VCID-g6ud-92qe-hqcx", "summary": "phpMyAdmin unsanitized Git information\nphpMyAdmin before 4.9.2 does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.7863", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78481", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78518", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78501", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78528", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78533", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.7854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.7856", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78559", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78588", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78596", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01155", "scoring_system": "epss", "scoring_elements": "0.78613", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19617", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19617" }, { "reference_url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released" }, { "reference_url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/" }, { "reference_url": "https://github.com/advisories/GHSA-pgph-mc4p-f8c3", "reference_id": "GHSA-pgph-mc4p-f8c3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pgph-mc4p-f8c3" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73013?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2" } ], "aliases": [ "CVE-2019-19617", "GHSA-pgph-mc4p-f8c3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6ud-92qe-hqcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33181?format=api", "vulnerability_id": "VCID-gu4y-aeqx-mqak", "summary": "SQL injection in phpMyAdmin\nAn issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72895", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.7276", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.7278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72756", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72794", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72808", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72832", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72807", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72859", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72851", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72892", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.729", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00736", "scoring_system": "epss", "scoring_elements": "0.72752", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622" }, { "reference_url": "https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18622", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18622" }, { "reference_url": "https://security.gentoo.org/glsa/202003-39", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202003-39" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-5" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-5/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349", "reference_id": "945349", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-jgjc-332c-8cmc", "reference_id": "GHSA-jgjc-332c-8cmc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jgjc-332c-8cmc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73013?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-18622", "GHSA-jgjc-332c-8cmc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gu4y-aeqx-mqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10733?format=api", "vulnerability_id": "VCID-jma9-9uhu-xuc3", "summary": "SQL Injection\nA vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82904", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82847", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82846", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82849", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82871", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.8288", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82885", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82743", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82759", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82772", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82795", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01803", "scoring_system": "epss", "scoring_elements": "0.82813", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-3" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-3/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048", "reference_id": "930048", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11768", "reference_id": "CVE-2019-11768", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11768" }, { "reference_url": "https://github.com/advisories/GHSA-x37v-98f9-mj32", "reference_id": "GHSA-x37v-98f9-mj32", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x37v-98f9-mj32" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/189136?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/37061?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.0%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0%252B1" } ], "aliases": [ "CVE-2019-11768", "GHSA-x37v-98f9-mj32" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jma9-9uhu-xuc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54695?format=api", "vulnerability_id": "VCID-ngtc-xtjn-xbhp", "summary": "phpMyAdmin SQL injection vulnerability\nIn phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81871", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81802", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81931", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81912", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81907", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81896", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81873", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81769", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81779", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.8187", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81834", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.8184", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81852", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01622", "scoring_system": "epss", "scoring_elements": "0.81833", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10802", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10802" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-3" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-3/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665", "reference_id": "954665", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-f4cr-3xmc-2wpm", "reference_id": "GHSA-f4cr-3xmc-2wpm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f4cr-3xmc-2wpm" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81952?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55567?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-dsxw-w87t-eycw" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10802", "GHSA-f4cr-3xmc-2wpm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngtc-xtjn-xbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13228?format=api", "vulnerability_id": "VCID-rqy8-n6fr-hqey", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nPhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54811", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54787", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54732", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54908", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54863", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63058", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.62955", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63007", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63077", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63055", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202311-17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202311-17" }, { "reference_url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information" }, { "reference_url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released" }, { "reference_url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813", "reference_id": "CVE-2022-0813", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0813" }, { "reference_url": "https://github.com/advisories/GHSA-vx8q-j7h9-vf6q", "reference_id": "GHSA-vx8q-j7h9-vf6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx8q-j7h9-vf6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43865?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/80986?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.3" } ], "aliases": [ "CVE-2022-0813", "GHSA-vx8q-j7h9-vf6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqy8-n6fr-hqey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10737?format=api", "vulnerability_id": "VCID-scu3-cfyc-9qfz", "summary": "Cross-Site Request Forgery (CSRF)\nA vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `<img>` tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific `INSERT` or `DELETE` statement) to the victim.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98072", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98058", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98059", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98065", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98062", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98061", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98066", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98038", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98043", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.55051", "scoring_system": "epss", "scoring_elements": "0.98045", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec" }, { "reference_url": "https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://www.phpmyadmin.net/security/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-4" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017", "reference_id": "930017", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt", "reference_id": "CVE-2019-12616", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12616", "reference_id": "CVE-2019-12616", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12616" }, { "reference_url": "https://github.com/advisories/GHSA-mfr9-pcm3-6mwc", "reference_id": "GHSA-mfr9-pcm3-6mwc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfr9-pcm3-6mwc" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37069?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0" } ], "aliases": [ "CVE-2019-12616", "GHSA-mfr9-pcm3-6mwc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scu3-cfyc-9qfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54679?format=api", "vulnerability_id": "VCID-tks3-6uv4-kygf", "summary": "phpMyAdmin SQL Injection\nIn phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85251", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85114", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85144", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85147", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85177", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85191", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85189", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85207", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85208", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85231", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85239", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85237", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10804", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10804" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-2" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667", "reference_id": "954667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-h65r-8fp8-w7cx", "reference_id": "GHSA-h65r-8fp8-w7cx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h65r-8fp8-w7cx" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81952?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55567?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-dsxw-w87t-eycw" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10804", "GHSA-h65r-8fp8-w7cx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tks3-6uv4-kygf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10253?format=api", "vulnerability_id": "VCID-yfja-ssw3-skh1", "summary": "Information Exposure\nWhen the `AllowArbitraryServer` configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the `mysql.allow_local_infile` PHP configuration, and the inadvertent ignoring of `options(MYSQLI_OPT_LOCAL_INFILE` calls.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98937", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98958", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98954", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98939", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98952", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.9895", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98948", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98947", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98946", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98933", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.7658", "scoring_system": "epss", "scoring_elements": "0.98941", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2019-1" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2019-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2019-1/" }, { "reference_url": "http://www.securityfocus.com/bid/106736", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106736" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823", "reference_id": "920823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6799", "reference_id": "CVE-2019-6799", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6799" }, { "reference_url": "https://github.com/advisories/GHSA-c8wj-q36q-3wg4", "reference_id": "GHSA-c8wj-q36q-3wg4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c8wj-q36q-3wg4" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34735?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-scu3-cfyc-9qfz" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-6799", "GHSA-c8wj-q36q-3wg4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfja-ssw3-skh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16445?format=api", "vulnerability_id": "VCID-ym9b-4su6-6fbr", "summary": "Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin\nIn phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09535", "scoring_system": "epss", "scoring_elements": "0.92867", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09535", "scoring_system": "epss", "scoring_elements": "0.92876", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.09535", "scoring_system": "epss", "scoring_elements": "0.92872", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93428", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93438", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93434", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93405", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1094", "scoring_system": "epss", "scoring_elements": "0.93423", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.9345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.11079", "scoring_system": "epss", "scoring_elements": "0.93451", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2023-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2023-1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25727", "reference_id": "CVE-2023-25727", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25727" }, { "reference_url": "https://github.com/advisories/GHSA-6hr3-44gx-g6wh", "reference_id": "GHSA-6hr3-44gx-g6wh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hr3-44gx-g6wh" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2023-1/", "reference_id": "PMASA-2023-1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55878?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55879?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-araw-4wdy-hqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.1" } ], "aliases": [ "CVE-2023-25727", "GHSA-6hr3-44gx-g6wh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ym9b-4su6-6fbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57068?format=api", "vulnerability_id": "VCID-znfm-ak2t-mqdd", "summary": "phpMyAdmin SQL injection vulnerability\nIn phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87745", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87643", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87667", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87694", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87699", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87697", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87726", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.87732", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03554", "scoring_system": "epss", "scoring_elements": "0.8773", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10803", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10803" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2020-4" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2020-4/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2020-4/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666", "reference_id": "954666", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-fcww-8wvc-38q9", "reference_id": "GHSA-fcww-8wvc-38q9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcww-8wvc-38q9" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81952?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55567?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-dsxw-w87t-eycw" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2" } ], "aliases": [ "CVE-2020-10803", "GHSA-fcww-8wvc-38q9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znfm-ak2t-mqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57551?format=api", "vulnerability_id": "VCID-zyzp-aqd8-e3a9", "summary": "phpMyAdmin Cross-Site Request Forgery (CSRF)\nA CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" }, { "reference_url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97466", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97422", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97429", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97433", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97434", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97442", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97445", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97447", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97456", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.9746", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97459", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97458", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.4225", "scoring_system": "epss", "scoring_elements": "0.97462", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Sep/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Sep/23" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12922", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12922" }, { "reference_url": "https://www.exploit-db.com/exploits/47385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/47385" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt", "reference_id": "CVE-2019-12922", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt" }, { "reference_url": "https://github.com/advisories/GHSA-4c9q-64gq-xhx4", "reference_id": "GHSA-4c9q-64gq-xhx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4c9q-64gq-xhx4" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83854?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-na3j-h3qr-k7dc" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2019-12922", "GHSA-4c9q-64gq-xhx4" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyzp-aqd8-e3a9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10113?format=api", "vulnerability_id": "VCID-986a-3m4g-83ge", "summary": "Cross-Site Request Forgery (CSRF)\nBy deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64036", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64014", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.6397", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64005", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64017", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64006", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64024", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64038", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63888", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63947", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63984", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969" }, { "reference_url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175" }, { "reference_url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-7" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-7/" }, { "reference_url": "http://www.securityfocus.com/bid/106175", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106175" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19969", "reference_id": "CVE-2018-19969", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19969" }, { "reference_url": "https://github.com/advisories/GHSA-xwf2-53mc-r8hx", "reference_id": "GHSA-xwf2-53mc-r8hx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xwf2-53mc-r8hx" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "GLSA-201904-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25832?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-br1c-5bzf-ufeu" }, { "vulnerability": "VCID-c91y-txcw-2kdy" }, { "vulnerability": "VCID-ebk2-vjau-57h9" }, { "vulnerability": "VCID-fchc-55te-akhe" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-mwtw-n1tv-hfd9" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-qcra-cu62-43he" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-scu3-cfyc-9qfz" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-yfja-ssw3-skh1" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33616?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-br1c-5bzf-ufeu" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-scu3-cfyc-9qfz" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-yfja-ssw3-skh1" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-19969", "GHSA-xwf2-53mc-r8hx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-986a-3m4g-83ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10108?format=api", "vulnerability_id": "VCID-ebk2-vjau-57h9", "summary": "Information Exposure\nAn attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85543", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85397", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85461", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85475", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85474", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.8547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85494", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85495", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85517", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85527", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02543", "scoring_system": "epss", "scoring_elements": "0.85526", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-6/" }, { "reference_url": "http://www.securityfocus.com/bid/106178", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106178" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968", "reference_id": "CVE-2018-19968", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19968" }, { "reference_url": "https://github.com/advisories/GHSA-xc97-r49q-cxgc", "reference_id": "GHSA-xc97-r49q-cxgc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xc97-r49q-cxgc" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "GLSA-201904-16", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33616?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-br1c-5bzf-ufeu" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-scu3-cfyc-9qfz" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-yfja-ssw3-skh1" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-19968", "GHSA-xc97-r49q-cxgc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebk2-vjau-57h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10112?format=api", "vulnerability_id": "VCID-qcra-cu62-43he", "summary": "Cross-site Scripting\nIn phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81107", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81226", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.8121", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81205", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81198", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81175", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81178", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81176", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81146", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81159", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81074", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81083", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81135", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01501", "scoring_system": "epss", "scoring_elements": "0.81108", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970" }, { "reference_url": "https://github.com/phpmyadmin/composer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/phpmyadmin/composer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8" }, { "reference_url": "https://www.phpmyadmin.net/security/PMASA-2018-8/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.phpmyadmin.net/security/PMASA-2018-8/" }, { "reference_url": "http://www.securityfocus.com/bid/106181", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106181" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970", "reference_id": "CVE-2018-19970", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19970" }, { "reference_url": "https://github.com/advisories/GHSA-8987-93fh-rcwq", "reference_id": "GHSA-8987-93fh-rcwq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8987-93fh-rcwq" }, { "reference_url": "https://security.gentoo.org/glsa/201904-16", "reference_id": "GLSA-201904-16", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201904-16" }, { "reference_url": "https://usn.ubuntu.com/4639-1/", "reference_id": "USN-4639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4639-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4843-1/", "reference_id": "USN-USN-4843-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4843-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33616?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@4.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-br1c-5bzf-ufeu" }, { "vulnerability": "VCID-g6ud-92qe-hqcx" }, { "vulnerability": "VCID-gu4y-aeqx-mqak" }, { "vulnerability": "VCID-jma9-9uhu-xuc3" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-scu3-cfyc-9qfz" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-yfja-ssw3-skh1" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" }, { "vulnerability": "VCID-zyzp-aqd8-e3a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/55566?format=api", "purl": "pkg:composer/phpmyadmin/phpmyadmin@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jjv-4en4-e3gx" }, { "vulnerability": "VCID-2y3v-jnph-hfh4" }, { "vulnerability": "VCID-41mv-6vqr-sua6" }, { "vulnerability": "VCID-5657-kcyh-7bc2" }, { "vulnerability": "VCID-araw-4wdy-hqcz" }, { "vulnerability": "VCID-mk34-h4nz-b3ey" }, { "vulnerability": "VCID-ngtc-xtjn-xbhp" }, { "vulnerability": "VCID-rqy8-n6fr-hqey" }, { "vulnerability": "VCID-tks3-6uv4-kygf" }, { "vulnerability": "VCID-ym9b-4su6-6fbr" }, { "vulnerability": "VCID-znfm-ak2t-mqdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0" } ], "aliases": [ "CVE-2018-19970", "GHSA-8987-93fh-rcwq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcra-cu62-43he" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4" }