Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/phpmyadmin/phpmyadmin@4.5.0%2B2

Type composer

Namespace phpmyadmin

Name phpmyadmin

Version 4.5.0+2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.9.8

Latest_non_vulnerable_version 5.2.2

Affected_by_vulnerabilities

url VCID-1hvw-4h4d-zkhv

vulnerability_id VCID-1hvw-4h4d-zkhv

summary

Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin allow remote authenticated users to inject arbitrary web script or HTML.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2040

reference_id

reference_type

scores

value	0.00493
scoring_system	epss
scoring_elements	0.66016
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418

reference_url

http://www.debian.org/security/2016/dsa-3627

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3627

reference_url

http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2040

reference_id

CVE-2016-2040

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2040

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.5.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6ng-ygap-zqh4

vulnerability	VCID-pfdk-db4h-47dx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2at1-y3qg-77fb

vulnerability	VCID-32ja-yuuw-bbbh

vulnerability	VCID-4wn2-pnbv-sked

vulnerability	VCID-52xs-45kd-w3hz

vulnerability	VCID-5dd1-nzdy-zfez

vulnerability	VCID-8rvw-n1fg-ffc2

vulnerability	VCID-ajf6-bk2g-wkb7

vulnerability	VCID-axtb-1njj-rbb4

vulnerability	VCID-bd83-vf81-sfa4

vulnerability	VCID-dx3h-z4dg-m3e1

vulnerability	VCID-j2k3-xghw-gfb3

vulnerability	VCID-kfr7-v6tb-eqau

vulnerability	VCID-mzuh-5e5y-d3hr

vulnerability	VCID-p1jn-sxds-mqd1

vulnerability	VCID-q45d-5bf4-tff5

vulnerability	VCID-q7rn-1612-quau

vulnerability	VCID-r4zz-m2mr-9qeb

vulnerability	VCID-rx9z-rdmm-5fg6

vulnerability	VCID-w6nk-akeh-4ufg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-2040, GHSA-pw34-qf6c-84fc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hvw-4h4d-zkhv

url VCID-4kax-4bpz-g7c5

vulnerability_id VCID-4kax-4bpz-g7c5

summary

Covert Timing Channel
`libraries/common.inc.php` in phpMyAdmin does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2041

reference_id

reference_type

scores

value	0.01029
scoring_system	epss
scoring_elements	0.77659
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2041

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49

reference_url

http://www.debian.org/security/2016/dsa-3627

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3627

reference_url

http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2041

reference_id

CVE-2016-2041

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2041

fixed_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.5.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6ng-ygap-zqh4

vulnerability	VCID-pfdk-db4h-47dx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.4

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2at1-y3qg-77fb

vulnerability	VCID-32ja-yuuw-bbbh

vulnerability	VCID-4wn2-pnbv-sked

vulnerability	VCID-52xs-45kd-w3hz

vulnerability	VCID-5dd1-nzdy-zfez

vulnerability	VCID-8rvw-n1fg-ffc2

vulnerability	VCID-ajf6-bk2g-wkb7

vulnerability	VCID-axtb-1njj-rbb4

vulnerability	VCID-bd83-vf81-sfa4

vulnerability	VCID-dx3h-z4dg-m3e1

vulnerability	VCID-j2k3-xghw-gfb3

vulnerability	VCID-kfr7-v6tb-eqau

vulnerability	VCID-mzuh-5e5y-d3hr

vulnerability	VCID-p1jn-sxds-mqd1

vulnerability	VCID-q45d-5bf4-tff5

vulnerability	VCID-q7rn-1612-quau

vulnerability	VCID-r4zz-m2mr-9qeb

vulnerability	VCID-rx9z-rdmm-5fg6

vulnerability	VCID-w6nk-akeh-4ufg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-2041, GHSA-8m97-xc46-rw9w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kax-4bpz-g7c5

url VCID-b6ng-ygap-zqh4

vulnerability_id VCID-b6ng-ygap-zqh4

summary

Improper Input Validation
The `checkHTTP` function in `libraries/Config.class.php` in phpMyAdmin does not verify X.509 certificates from `api.github.com` SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2562

reference_id

reference_type

scores

value	0.0023
scoring_system	epss
scoring_elements	0.4589
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2562

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-13

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-13

reference_url	https://www.phpmyadmin.net/security/PMASA-2016-13/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2016-13/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2562

reference_id

CVE-2016-2562

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2562

fixed_packages

url	pkg:composer/phpmyadmin/phpmyadmin@4.5.5%2B1
purl	pkg:composer/phpmyadmin/phpmyadmin@4.5.5%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.5%252B1

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2at1-y3qg-77fb

vulnerability	VCID-32ja-yuuw-bbbh

vulnerability	VCID-4wn2-pnbv-sked

vulnerability	VCID-52xs-45kd-w3hz

vulnerability	VCID-5dd1-nzdy-zfez

vulnerability	VCID-8rvw-n1fg-ffc2

vulnerability	VCID-ajf6-bk2g-wkb7

vulnerability	VCID-axtb-1njj-rbb4

vulnerability	VCID-bd83-vf81-sfa4

vulnerability	VCID-dx3h-z4dg-m3e1

vulnerability	VCID-j2k3-xghw-gfb3

vulnerability	VCID-kfr7-v6tb-eqau

vulnerability	VCID-mzuh-5e5y-d3hr

vulnerability	VCID-p1jn-sxds-mqd1

vulnerability	VCID-q45d-5bf4-tff5

vulnerability	VCID-q7rn-1612-quau

vulnerability	VCID-r4zz-m2mr-9qeb

vulnerability	VCID-rx9z-rdmm-5fg6

vulnerability	VCID-w6nk-akeh-4ufg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-2562, GHSA-w8qg-j9fp-hrjf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ng-ygap-zqh4

url VCID-pfdk-db4h-47dx

vulnerability_id VCID-pfdk-db4h-47dx

summary

Cross-site Scripting
A Cross-site scripting (XSS) vulnerability in the format function in `libraries/sql-parser/src/Utils/Error.php` in the SQL parser in phpMyAdmin allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2559

reference_id

reference_type

scores

value	0.00269
scoring_system	epss
scoring_elements	0.50585
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2559

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c

reference_url

https://www.phpmyadmin.net/security/PMASA-2016-10

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.phpmyadmin.net/security/PMASA-2016-10

reference_url	https://www.phpmyadmin.net/security/PMASA-2016-10/
reference_id
reference_type
scores
url	https://www.phpmyadmin.net/security/PMASA-2016-10/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2559

reference_id

CVE-2016-2559

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2559

fixed_packages

url	pkg:composer/phpmyadmin/phpmyadmin@4.5.5%2B1
purl	pkg:composer/phpmyadmin/phpmyadmin@4.5.5%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.5%252B1

url pkg:composer/phpmyadmin/phpmyadmin@4.7.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2at1-y3qg-77fb

vulnerability	VCID-32ja-yuuw-bbbh

vulnerability	VCID-4wn2-pnbv-sked

vulnerability	VCID-52xs-45kd-w3hz

vulnerability	VCID-5dd1-nzdy-zfez

vulnerability	VCID-8rvw-n1fg-ffc2

vulnerability	VCID-ajf6-bk2g-wkb7

vulnerability	VCID-axtb-1njj-rbb4

vulnerability	VCID-bd83-vf81-sfa4

vulnerability	VCID-dx3h-z4dg-m3e1

vulnerability	VCID-j2k3-xghw-gfb3

vulnerability	VCID-kfr7-v6tb-eqau

vulnerability	VCID-mzuh-5e5y-d3hr

vulnerability	VCID-p1jn-sxds-mqd1

vulnerability	VCID-q45d-5bf4-tff5

vulnerability	VCID-q7rn-1612-quau

vulnerability	VCID-r4zz-m2mr-9qeb

vulnerability	VCID-rx9z-rdmm-5fg6

vulnerability	VCID-w6nk-akeh-4ufg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0

aliases CVE-2016-2559, GHSA-7rf8-9r8f-qf59

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pfdk-db4h-47dx

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.0%252B2

Package Instance