Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpmyadmin/phpmyadmin@4.7.6

Type composer

Namespace phpmyadmin

Name phpmyadmin

Version 4.7.6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9.11

Latest_non_vulnerable_version 5.2.2

Affected_by_vulnerabilities

url VCID-3fqj-9fn2-uqhe

vulnerability_id VCID-3fqj-9fn2-uqhe

summary An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15605

reference_id

reference_type

scores

value	0.00671
scoring_system	epss
scoring_elements	0.71949
published_at	2026-06-13T12:55:00Z

value	0.00671
scoring_system	epss
scoring_elements	0.71945
published_at	2026-06-14T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.71936
published_at	2026-06-11T12:55:00Z

value	0.00675
scoring_system	epss
scoring_elements	0.72021
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15605

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-15605

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-15605

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-5

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-5/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-5/

reference_url

http://www.securityfocus.com/bid/105168

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105168

reference_url

http://www.securitytracker.com/id/1041548

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041548

reference_url

https://github.com/advisories/GHSA-c958-4j9x-q7w4

reference_id

GHSA-c958-4j9x-q7w4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c958-4j9x-q7w4

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.3

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-fkv9-r3fc-zyau

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-m92n-w5zs-qkfr

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-nwea-842b-hbet

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.3

aliases CVE-2018-15605, GHSA-c958-4j9x-q7w4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3fqj-9fn2-uqhe

url VCID-4f9y-mpe6-akgc

vulnerability_id VCID-4f9y-mpe6-akgc

summary In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10802

reference_id

reference_type

scores

value	0.01229
scoring_system	epss
scoring_elements	0.79645
published_at	2026-06-14T12:55:00Z

value	0.01229
scoring_system	epss
scoring_elements	0.79637
published_at	2026-06-12T12:55:00Z

value	0.01229
scoring_system	epss
scoring_elements	0.79652
published_at	2026-06-13T12:55:00Z

value	0.01229
scoring_system	epss
scoring_elements	0.79571
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10802

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10802

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-3

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-3

reference_url	https://www.phpmyadmin.net/security/PMASA-2020-3/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2020-3/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665
reference_id	954665
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665

reference_url

https://github.com/advisories/GHSA-f4cr-3xmc-2wpm

reference_id

GHSA-f4cr-3xmc-2wpm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f4cr-3xmc-2wpm

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-p55p-hbqm-xqg1

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2

aliases CVE-2020-10802, GHSA-f4cr-3xmc-2wpm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9y-mpe6-akgc

url VCID-5vg7-fddm-sqfr

vulnerability_id VCID-5vg7-fddm-sqfr

summary An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12616

reference_id

reference_type

scores

value	0.49922
scoring_system	epss
scoring_elements	0.97875
published_at	2026-06-11T12:55:00Z

value	0.49922
scoring_system	epss
scoring_elements	0.97884
published_at	2026-06-12T12:55:00Z

value	0.49922
scoring_system	epss
scoring_elements	0.97885
published_at	2026-06-13T12:55:00Z

value	0.49922
scoring_system	epss
scoring_elements	0.97886
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12616

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12616

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12616

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12616

reference_url

https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html

reference_url	https://www.phpmyadmin.net/security/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-4

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-4/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-4/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017
reference_id	930017
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930017

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt
reference_id	CVE-2019-12616
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46982.txt

reference_url

https://github.com/advisories/GHSA-mfr9-pcm3-6mwc

reference_id

GHSA-mfr9-pcm3-6mwc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mfr9-pcm3-6mwc

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0

aliases CVE-2019-12616, GHSA-mfr9-pcm3-6mwc

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vg7-fddm-sqfr

url VCID-7ab3-tj6r-r3g7

vulnerability_id VCID-7ab3-tj6r-r3g7

summary In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25727

reference_id

reference_type

scores

value	0.09658
scoring_system	epss
scoring_elements	0.931
published_at	2026-06-14T12:55:00Z

value	0.09658
scoring_system	epss
scoring_elements	0.93075
published_at	2026-06-11T12:55:00Z

value	0.09658
scoring_system	epss
scoring_elements	0.93101
published_at	2026-06-13T12:55:00Z

value	0.09658
scoring_system	epss
scoring_elements	0.93099
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25727

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25727

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25727

reference_url

https://www.phpmyadmin.net/security/PMASA-2023-1

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2023-1

reference_url

https://github.com/advisories/GHSA-6hr3-44gx-g6wh

reference_id

GHSA-6hr3-44gx-g6wh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6hr3-44gx-g6wh

reference_url

https://www.phpmyadmin.net/security/PMASA-2023-1/

reference_id

PMASA-2023-1

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/

url

https://www.phpmyadmin.net/security/PMASA-2023-1/

fixed_packages

url	pkg:composer/phpmyadmin/phpmyadmin@4.9.11
purl	pkg:composer/phpmyadmin/phpmyadmin@4.9.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.11

url pkg:composer/phpmyadmin/phpmyadmin@5.2.1

purl pkg:composer/phpmyadmin/phpmyadmin@5.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-87ne-4523-v7fa

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.1

aliases CVE-2023-25727, GHSA-6hr3-44gx-g6wh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ab3-tj6r-r3g7

url VCID-7k46-nxcx-zfdz

vulnerability_id VCID-7k46-nxcx-zfdz

summary An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12581

reference_id

reference_type

scores

value	0.00393
scoring_system	epss
scoring_elements	0.60689
published_at	2026-06-11T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60795
published_at	2026-06-12T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60804
published_at	2026-06-13T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60796
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12581

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12581

reference_url

https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530

reference_url

https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-3

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-3/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-3/

reference_url	http://www.securityfocus.com/bid/104530
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104530

reference_url	http://www.securitytracker.com/id/1041187
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041187

reference_url

https://github.com/advisories/GHSA-vxj6-pm6r-23hq

reference_id

GHSA-vxj6-pm6r-23hq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vxj6-pm6r-23hq

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3fqj-9fn2-uqhe

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-fkv9-r3fc-zyau

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-m92n-w5zs-qkfr

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-nwea-842b-hbet

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.2

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-12581, GHSA-vxj6-pm6r-23hq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k46-nxcx-zfdz

url VCID-b55b-rsv5-4ydv

vulnerability_id VCID-b55b-rsv5-4ydv

summary An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11768

reference_id

reference_type

scores

value	0.01109
scoring_system	epss
scoring_elements	0.78539
published_at	2026-06-11T12:55:00Z

value	0.01109
scoring_system	epss
scoring_elements	0.78605
published_at	2026-06-12T12:55:00Z

value	0.01109
scoring_system	epss
scoring_elements	0.78623
published_at	2026-06-13T12:55:00Z

value	0.01109
scoring_system	epss
scoring_elements	0.78618
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11768

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11768

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11768

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11768

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-3

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-3/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-3/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048
reference_id	930048
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930048

reference_url

https://github.com/advisories/GHSA-x37v-98f9-mj32

reference_id

GHSA-x37v-98f9-mj32

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x37v-98f9-mj32

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.0%2B1

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.0%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cmu6-m7cr-7fa7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0%252B1

url pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.0.1

aliases CVE-2019-11768, GHSA-x37v-98f9-mj32

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b55b-rsv5-4ydv

url VCID-cauk-7k6d-hbdd

vulnerability_id VCID-cauk-7k6d-hbdd

summary

An SQL injection vulnerability in phpMyAdmin may allow attackers to
    execute arbitrary SQL statements.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18622

reference_id

reference_type

scores

value	0.00556
scoring_system	epss
scoring_elements	0.68702
published_at	2026-06-14T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68707
published_at	2026-06-13T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68693
published_at	2026-06-12T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68604
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622

reference_url

https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-5

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-5

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-5/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-5/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349
reference_id	945349
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18622

reference_id

CVE-2019-18622

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18622

reference_url

https://github.com/advisories/GHSA-jgjc-332c-8cmc

reference_id

GHSA-jgjc-332c-8cmc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jgjc-332c-8cmc

reference_url

https://security.gentoo.org/glsa/202003-39

reference_id

GLSA-202003-39

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202003-39

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-18622, GHSA-jgjc-332c-8cmc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cauk-7k6d-hbdd

url VCID-cmu6-m7cr-7fa7

vulnerability_id VCID-cmu6-m7cr-7fa7

summary A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_url

http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12922

reference_id

reference_type

scores

value	0.31957
scoring_system	epss
scoring_elements	0.96929
published_at	2026-06-11T12:55:00Z

value	0.31957
scoring_system	epss
scoring_elements	0.96943
published_at	2026-06-13T12:55:00Z

value	0.31957
scoring_system	epss
scoring_elements	0.9694
published_at	2026-06-12T12:55:00Z

value	0.31957
scoring_system	epss
scoring_elements	0.96944
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12922

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922

reference_url

http://seclists.org/fulldisclosure/2019/Sep/23

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/Sep/23

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN

reference_url

https://www.exploit-db.com/exploits/47385

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/47385

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt
reference_id	CVE-2019-12922
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12922

reference_id

CVE-2019-12922

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12922

reference_url

https://github.com/advisories/GHSA-4c9q-64gq-xhx4

reference_id

GHSA-4c9q-64gq-xhx4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4c9q-64gq-xhx4

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.1

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-12922, GHSA-4c9q-64gq-xhx4

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmu6-m7cr-7fa7

url VCID-dv3f-h92r-37gs

vulnerability_id VCID-dv3f-h92r-37gs

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-22278

reference_id

reference_type

scores

value	0.00409
scoring_system	epss
scoring_elements	0.61683
published_at	2026-06-11T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61784
published_at	2026-06-12T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61792
published_at	2026-06-13T12:55:00Z

value	0.00409
scoring_system	epss
scoring_elements	0.61786
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-22278

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-22278
reference_id	CVE-2020-22278
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-22278

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@5.0.3

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3

aliases CVE-2020-22278

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dv3f-h92r-37gs

url VCID-e8jm-k1ee-v3dg

vulnerability_id VCID-e8jm-k1ee-v3dg

summary In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10804

reference_id

reference_type

scores

value	0.01913
scoring_system	epss
scoring_elements	0.83694
published_at	2026-06-11T12:55:00Z

value	0.01913
scoring_system	epss
scoring_elements	0.83752
published_at	2026-06-12T12:55:00Z

value	0.01913
scoring_system	epss
scoring_elements	0.83761
published_at	2026-06-13T12:55:00Z

value	0.01913
scoring_system	epss
scoring_elements	0.83758
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10804

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10804

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-2

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-2

reference_url	https://www.phpmyadmin.net/security/PMASA-2020-2/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2020-2/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667
reference_id	954667
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667

reference_url

https://github.com/advisories/GHSA-h65r-8fp8-w7cx

reference_id

GHSA-h65r-8fp8-w7cx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h65r-8fp8-w7cx

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-p55p-hbqm-xqg1

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2

aliases CVE-2020-10804, GHSA-h65r-8fp8-w7cx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8jm-k1ee-v3dg

url VCID-fkv9-r3fc-zyau

vulnerability_id VCID-fkv9-r3fc-zyau

summary

Multiple vulnerabilities have been found in phpMyAdmin, the worst
    of which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19969

reference_id

reference_type

scores

value	0.00437
scoring_system	epss
scoring_elements	0.63522
published_at	2026-06-11T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63623
published_at	2026-06-12T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63638
published_at	2026-06-13T12:55:00Z

value	0.00437
scoring_system	epss
scoring_elements	0.63634
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19969

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19969

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19969

reference_url

https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175

reference_url	https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/
reference_id
reference_type
scores
url	https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-7

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-7

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-7/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-7/

reference_url	http://www.securityfocus.com/bid/106175
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106175

reference_url

https://github.com/advisories/GHSA-xwf2-53mc-r8hx

reference_id

GHSA-xwf2-53mc-r8hx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xwf2-53mc-r8hx

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.7.7

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3fqj-9fn2-uqhe

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-7k46-nxcx-zfdz

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-m92n-w5zs-qkfr

vulnerability	VCID-mdf6-k5zm-5uen

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-nwea-842b-hbet

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7

url pkg:composer/phpmyadmin/phpmyadmin@4.8.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-19969, GHSA-xwf2-53mc-r8hx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkv9-r3fc-zyau

url VCID-h5ft-zg32-myhg

vulnerability_id VCID-h5ft-zg32-myhg

summary In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5504

reference_id

reference_type

scores

value	0.2219
scoring_system	epss
scoring_elements	0.9593
published_at	2026-06-11T12:55:00Z

value	0.2219
scoring_system	epss
scoring_elements	0.95943
published_at	2026-06-12T12:55:00Z

value	0.2219
scoring_system	epss
scoring_elements	0.95944
published_at	2026-06-13T12:55:00Z

value	0.2219
scoring_system	epss
scoring_elements	0.95947
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504

reference_url

https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml

reference_url

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5504

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5504

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718
reference_id	948718
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt
reference_id	CVE-2020-5504
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt

reference_url

https://github.com/advisories/GHSA-fgj8-93xx-f6g6

reference_id

GHSA-fgj8-93xx-f6g6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fgj8-93xx-f6g6

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.1

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.1

aliases CVE-2020-5504, GHSA-fgj8-93xx-f6g6

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5ft-zg32-myhg

url VCID-m92n-w5zs-qkfr

vulnerability_id VCID-m92n-w5zs-qkfr

summary

Multiple vulnerabilities have been found in phpMyAdmin, the worst
    of which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19970

reference_id

reference_type

scores

value	0.01296
scoring_system	epss
scoring_elements	0.80112
published_at	2026-06-11T12:55:00Z

value	0.01296
scoring_system	epss
scoring_elements	0.80175
published_at	2026-06-12T12:55:00Z

value	0.01296
scoring_system	epss
scoring_elements	0.8019
published_at	2026-06-13T12:55:00Z

value	0.01296
scoring_system	epss
scoring_elements	0.80182
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19970

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19970

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-8

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-8

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-8/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-8/

reference_url

http://www.securityfocus.com/bid/106181

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106181

reference_url

https://github.com/advisories/GHSA-8987-93fh-rcwq

reference_id

GHSA-8987-93fh-rcwq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8987-93fh-rcwq

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-19970, GHSA-8987-93fh-rcwq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m92n-w5zs-qkfr

url VCID-mdf6-k5zm-5uen

vulnerability_id VCID-mdf6-k5zm-5uen

summary cross-site scripting

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7260

reference_id

reference_type

scores

value	0.00302
scoring_system	epss
scoring_elements	0.5401
published_at	2026-06-14T12:55:00Z

value	0.00302
scoring_system	epss
scoring_elements	0.53881
published_at	2026-06-11T12:55:00Z

value	0.00302
scoring_system	epss
scoring_elements	0.54006
published_at	2026-06-12T12:55:00Z

value	0.00302
scoring_system	epss
scoring_elements	0.54023
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7260

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7260

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7260

reference_url

https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-1

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-1

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-1/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-1/

reference_url

http://www.securityfocus.com/bid/103099

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103099

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539
reference_id	893539
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539

reference_url	https://security.archlinux.org/ASA-201802-11
reference_id	ASA-201802-11
reference_type
scores
url	https://security.archlinux.org/ASA-201802-11

reference_url

https://security.archlinux.org/AVG-630

reference_id

AVG-630

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-630

reference_url

https://github.com/advisories/GHSA-gqmj-f46x-wqhw

reference_id

GHSA-gqmj-f46x-wqhw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gqmj-f46x-wqhw

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.7.8

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3fqj-9fn2-uqhe

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-7k46-nxcx-zfdz

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-m92n-w5zs-qkfr

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-nwea-842b-hbet

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.8

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-7260, GHSA-gqmj-f46x-wqhw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdf6-k5zm-5uen

url VCID-ngjc-296q-f3fu

vulnerability_id VCID-ngjc-296q-f3fu

summary An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6799

reference_id

reference_type

scores

value	0.76961
scoring_system	epss
scoring_elements	0.98986
published_at	2026-06-14T12:55:00Z

value	0.76961
scoring_system	epss
scoring_elements	0.98982
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6799

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-1

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-1

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-1/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-1/

reference_url

http://www.securityfocus.com/bid/106736

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106736

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823
reference_id	920823
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6799

reference_id

CVE-2019-6799

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6799

reference_url

https://github.com/advisories/GHSA-c8wj-q36q-3wg4

reference_id

GHSA-c8wj-q36q-3wg4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c8wj-q36q-3wg4

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-6799, GHSA-c8wj-q36q-3wg4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ngjc-296q-f3fu

url VCID-nwea-842b-hbet

vulnerability_id VCID-nwea-842b-hbet

summary

Multiple vulnerabilities have been found in phpMyAdmin, the worst
    of which could result in the arbitrary execution of code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19968

reference_id

reference_type

scores

value	0.02384
scoring_system	epss
scoring_elements	0.85341
published_at	2026-06-11T12:55:00Z

value	0.02384
scoring_system	epss
scoring_elements	0.85393
published_at	2026-06-12T12:55:00Z

value	0.02384
scoring_system	epss
scoring_elements	0.85402
published_at	2026-06-13T12:55:00Z

value	0.02384
scoring_system	epss
scoring_elements	0.85395
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732

reference_url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19968

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19968

reference_url

https://www.phpmyadmin.net/security/PMASA-2018-6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2018-6

reference_url	https://www.phpmyadmin.net/security/PMASA-2018-6/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2018-6/

reference_url

http://www.securityfocus.com/bid/106178

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106178

reference_url

https://github.com/advisories/GHSA-xc97-r49q-cxgc

reference_id

GHSA-xc97-r49q-cxgc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xc97-r49q-cxgc

reference_url

https://security.gentoo.org/glsa/201904-16

reference_id

GLSA-201904-16

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201904-16

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2018-19968, GHSA-xc97-r49q-cxgc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwea-842b-hbet

url VCID-pu49-c9vu-rbec

vulnerability_id VCID-pu49-c9vu-rbec

summary An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6798

reference_id

reference_type

scores

value	0.00394
scoring_system	epss
scoring_elements	0.6071
published_at	2026-06-11T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60815
published_at	2026-06-12T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60825
published_at	2026-06-13T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60816
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6798

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6798

reference_url

https://www.phpmyadmin.net/security/PMASA-2019-2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2019-2

reference_url	https://www.phpmyadmin.net/security/PMASA-2019-2/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2019-2/

reference_url

http://www.securityfocus.com/bid/106727

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106727

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822
reference_id	920822
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822

reference_url

https://github.com/advisories/GHSA-f732-fxh6-g4qj

reference_id

GHSA-f732-fxh6-g4qj

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f732-fxh6-g4qj

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.8.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-arcu-5cnd-wkdk

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0

aliases CVE-2019-6798, GHSA-f732-fxh6-g4qj

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pu49-c9vu-rbec

url VCID-sya2-1y7u-b7hu

vulnerability_id VCID-sya2-1y7u-b7hu

summary In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10803

reference_id

reference_type

scores

value	0.02712
scoring_system	epss
scoring_elements	0.86238
published_at	2026-06-11T12:55:00Z

value	0.02712
scoring_system	epss
scoring_elements	0.86289
published_at	2026-06-12T12:55:00Z

value	0.02712
scoring_system	epss
scoring_elements	0.86299
published_at	2026-06-13T12:55:00Z

value	0.02712
scoring_system	epss
scoring_elements	0.86297
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10803

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10803

reference_url

https://www.phpmyadmin.net/security/PMASA-2020-4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2020-4

reference_url	https://www.phpmyadmin.net/security/PMASA-2020-4/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2020-4/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666
reference_id	954666
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666

reference_url

https://github.com/advisories/GHSA-fcww-8wvc-38q9

reference_id

GHSA-fcww-8wvc-38q9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcww-8wvc-38q9

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.5

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5

url pkg:composer/phpmyadmin/phpmyadmin@5.0.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-p55p-hbqm-xqg1

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-vb6g-x173-9khp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2

aliases CVE-2020-10803, GHSA-fcww-8wvc-38q9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sya2-1y7u-b7hu

url VCID-ucfd-2whz-j3ep

vulnerability_id VCID-ucfd-2whz-j3ep

summary phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

references

reference_url

http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click

reference_url	http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
reference_id
reference_type
scores
url	http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000499

reference_id

reference_type

scores

value	0.11439
scoring_system	epss
scoring_elements	0.9376
published_at	2026-06-11T12:55:00Z

value	0.11439
scoring_system	epss
scoring_elements	0.9378
published_at	2026-06-12T12:55:00Z

value	0.11439
scoring_system	epss
scoring_elements	0.93784
published_at	2026-06-13T12:55:00Z

value	0.11439
scoring_system	epss
scoring_elements	0.93786
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000499

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000499

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000499

reference_url

https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163

reference_url

https://www.exploit-db.com/exploits/45284

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45284

reference_url	https://www.exploit-db.com/exploits/45284/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/45284/

reference_url

https://www.phpmyadmin.net/security/PMASA-2017-9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2017-9

reference_url	https://www.phpmyadmin.net/security/PMASA-2017-9/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2017-9/

reference_url	http://www.securitytracker.com/id/1040163
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040163

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45284.txt
reference_id	CVE-2017-1000499
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45284.txt

reference_url

https://github.com/advisories/GHSA-f9hx-5jq4-fgjm

reference_id

GHSA-f9hx-5jq4-fgjm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f9hx-5jq4-fgjm

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.7.7

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3fqj-9fn2-uqhe

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-5vg7-fddm-sqfr

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-7k46-nxcx-zfdz

vulnerability	VCID-b55b-rsv5-4ydv

vulnerability	VCID-cauk-7k6d-hbdd

vulnerability	VCID-cmu6-m7cr-7fa7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-m92n-w5zs-qkfr

vulnerability	VCID-mdf6-k5zm-5uen

vulnerability	VCID-ngjc-296q-f3fu

vulnerability	VCID-nwea-842b-hbet

vulnerability	VCID-pu49-c9vu-rbec

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-w2y5-u1vp-xuh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7

aliases CVE-2017-1000499, GHSA-f9hx-5jq4-fgjm

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucfd-2whz-j3ep

url VCID-vb6g-x173-9khp

vulnerability_id VCID-vb6g-x173-9khp

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0813

reference_id

reference_type

scores

value	0.00317
scoring_system	epss
scoring_elements	0.55344
published_at	2026-06-12T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.55347
published_at	2026-06-14T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.55223
published_at	2026-06-11T12:55:00Z

value	0.00317
scoring_system	epss
scoring_elements	0.55361
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
reference_id
reference_type
scores
url	https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information

reference_url

https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released

reference_url	https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-0813

reference_id

CVE-2022-0813

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-0813

reference_url

https://github.com/advisories/GHSA-vx8q-j7h9-vf6q

reference_id

GHSA-vx8q-j7h9-vf6q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx8q-j7h9-vf6q

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@5.1.2

purl pkg:composer/phpmyadmin/phpmyadmin@5.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2

url pkg:composer/phpmyadmin/phpmyadmin@5.1.3

purl pkg:composer/phpmyadmin/phpmyadmin@5.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-87ne-4523-v7fa

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.3

aliases CVE-2022-0813, GHSA-vx8q-j7h9-vf6q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb6g-x173-9khp

url VCID-w2y5-u1vp-xuh6

vulnerability_id VCID-w2y5-u1vp-xuh6

summary phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19617

reference_id

reference_type

scores

value	0.00997
scoring_system	epss
scoring_elements	0.77386
published_at	2026-06-11T12:55:00Z

value	0.00997
scoring_system	epss
scoring_elements	0.77456
published_at	2026-06-12T12:55:00Z

value	0.00997
scoring_system	epss
scoring_elements	0.77471
published_at	2026-06-13T12:55:00Z

value	0.00997
scoring_system	epss
scoring_elements	0.77462
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19617

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9

reference_url

https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19617

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19617

reference_url

https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released

reference_url	https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/

reference_url

https://github.com/advisories/GHSA-pgph-mc4p-f8c3

reference_id

GHSA-pgph-mc4p-f8c3

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pgph-mc4p-f8c3

reference_url	https://usn.ubuntu.com/4639-1/
reference_id	USN-4639-1
reference_type
scores
url	https://usn.ubuntu.com/4639-1/

reference_url	https://usn.ubuntu.com/USN-4843-1/
reference_id	USN-USN-4843-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4843-1/

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.9.2

purl pkg:composer/phpmyadmin/phpmyadmin@4.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9y-mpe6-akgc

vulnerability	VCID-7ab3-tj6r-r3g7

vulnerability	VCID-dv3f-h92r-37gs

vulnerability	VCID-e8jm-k1ee-v3dg

vulnerability	VCID-h5ft-zg32-myhg

vulnerability	VCID-k8q3-v7cc-7yhq

vulnerability	VCID-rzd6-pqqs-a3em

vulnerability	VCID-sya2-1y7u-b7hu

vulnerability	VCID-vb6g-x173-9khp

vulnerability	VCID-xsbv-xna2-qfeb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2

aliases CVE-2019-19617, GHSA-pgph-mc4p-f8c3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2y5-u1vp-xuh6

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.6

Package Instance