{"url":"http://public2.vulnerablecode.io/api/packages/53741?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B9","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.4.15+9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.7.1","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38671?format=json","vulnerability_id":"VCID-23dq-w66r-k3bt","summary":"Cross-site Scripting\nphpMyAdmin is vulnerable to a CSS injection attack through crafted cookie parameters.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-4","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-4"},{"reference_url":"http://www.securityfocus.com/bid/95726","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000015","reference_id":"CVE-2017-1000015","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000015"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2017-1000015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23dq-w66r-k3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38682?format=json","vulnerability_id":"VCID-38tp-acy8-57hj","summary":"Improper Input Validation\nphpMyAdmin is vulnerable to a DoS weakness in the table editing functionality.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-3","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-3"},{"reference_url":"http://www.securityfocus.com/bid/95721","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95721"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000014","reference_id":"CVE-2017-1000014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000014"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2017-1000014"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38tp-acy8-57hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38679?format=json","vulnerability_id":"VCID-txba-1at4-ekg2","summary":"URL Redirection to Untrusted Site (Open Redirect)\nphpMyAdmin is vulnerable to an open redirect weakness.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-1","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-1"},{"reference_url":"http://www.securityfocus.com/bid/95720","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95720"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000013","reference_id":"CVE-2017-1000013","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52549?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-axtb-1njj-rbb4"},{"vulnerability":"VCID-q45d-5bf4-tff5"},{"vulnerability":"VCID-r4zz-m2mr-9qeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.0"}],"aliases":["CVE-2017-1000013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txba-1at4-ekg2"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44158?format=json","vulnerability_id":"VCID-cbjd-e3sk-m7bu","summary":"Cross-Site Request Forgery (CSRF)\nAn issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","references":[{"reference_url":"https://security.gentoo.org/glsa/201701-32","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-32"},{"reference_url":"https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2016-71","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2016-71"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9866","reference_id":"CVE-2016-9866","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9866"},{"reference_url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495","reference_id":"GHSA-jvxx-8xxf-5495","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53740?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B18"},{"url":"http://public2.vulnerablecode.io/api/packages/53741?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B9"},{"url":"http://public2.vulnerablecode.io/api/packages/53742?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.6.5"}],"aliases":["CVE-2016-9866","GHSA-jvxx-8xxf-5495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbjd-e3sk-m7bu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B9"}