{"url":"http://public2.vulnerablecode.io/api/packages/52540?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.7","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.4.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.4.15+7","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38033?format=json","vulnerability_id":"VCID-1hvw-4h4d-zkhv","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.","references":[{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040","reference_id":"CVE-2016-2040","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-2040"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38671?format=json","vulnerability_id":"VCID-23dq-w66r-k3bt","summary":"Cross-site Scripting\nphpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-4","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-4"},{"reference_url":"http://www.securityfocus.com/bid/95726","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000015","reference_id":"CVE-2017-1000015","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2017-1000015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38682?format=json","vulnerability_id":"VCID-38tp-acy8-57hj","summary":"Improper Input Validation\nphpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-3","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-3"},{"reference_url":"http://www.securityfocus.com/bid/95721","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95721"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000014","reference_id":"CVE-2017-1000014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000014"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2017-1000014"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38034?format=json","vulnerability_id":"VCID-4kax-4bpz-g7c5","summary":"Covert Timing Channel\n`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.","references":[{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041","reference_id":"CVE-2016-2041","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2041"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2016-2041"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38679?format=json","vulnerability_id":"VCID-txba-1at4-ekg2","summary":"URL Redirection to Untrusted Site (Open Redirect)\nphpMyAdmin is vulnerable to an open redirect weakness.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-1","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-1"},{"reference_url":"http://www.securityfocus.com/bid/95720","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95720"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000013","reference_id":"CVE-2017-1000013","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2017-1000013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.7"}