{"url":"http://public2.vulnerablecode.io/api/packages/54801?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.7","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.7.7","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.7.8","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39253?format=json","vulnerability_id":"VCID-axtb-1njj-rbb4","summary":"Cross-Site Request Forgery (CSRF)\nphpMyAdmin versions is vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping or truncating tables etc.","references":[{"reference_url":"https://www.exploit-db.com/exploits/45284/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/45284/"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2017-9/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2017-9/"},{"reference_url":"http://www.securitytracker.com/id/1040163","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040163"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000499","reference_id":"CVE-2017-1000499","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54801?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7"}],"aliases":["CVE-2017-1000499"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axtb-1njj-rbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40501?format=json","vulnerability_id":"VCID-r4zz-m2mr-9qeb","summary":"Cross-Site Request Forgery (CSRF)\nBy deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.","references":[{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2018-7/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2018-7/"},{"reference_url":"http://www.securityfocus.com/bid/106175","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19969","reference_id":"CVE-2018-19969","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19969"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54801?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.7.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57122?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajf6-bk2g-wkb7"},{"vulnerability":"VCID-bd83-vf81-sfa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4"}],"aliases":["CVE-2018-19969"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-m2mr-9qeb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7"}