{"url":"http://public2.vulnerablecode.io/api/packages/61862?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.0.0","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"3.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.3+1","latest_non_vulnerable_version":"5.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44048?format=json","vulnerability_id":"VCID-6r4m-kxj7-ybb6","summary":"Improper Control of Generation of Code ('Code Injection')\nsetup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.","references":[{"reference_url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[],"url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f","reference_id":"","reference_type":"","scores":[],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"},{"reference_url":"http://securityreason.com/securityalert/8306","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8306"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2e01647949df937040e73a94ce0bac0daecbdcf4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2e01647949df937040e73a94ce0bac0daecbdcf4"},{"reference_url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"},{"reference_url":"http://www.debian.org/security/2011/dsa-2286","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2286"},{"reference_url":"http://www.exploit-db.com/exploits/17514/","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/17514/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/29/11","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/29/11"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2506","reference_id":"CVE-2011-2506","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2506"},{"reference_url":"https://github.com/advisories/GHSA-p6h7-29r2-g88f","reference_id":"GHSA-p6h7-29r2-g88f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p6h7-29r2-g88f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63265?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/63266?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1"}],"aliases":["CVE-2011-2506","GHSA-p6h7-29r2-g88f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r4m-kxj7-ybb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43205?format=json","vulnerability_id":"VCID-cyv1-muwx-83h8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.","references":[{"reference_url":"http://bugs.gentoo.org/show_bug.cgi?id=288899","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.gentoo.org/show_bug.cgi?id=288899"},{"reference_url":"http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html","reference_id":"","reference_type":"","scores":[],"url":"http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html"},{"reference_url":"http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html","reference_id":"","reference_type":"","scores":[],"url":"http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html"},{"reference_url":"http://freshmeat.net/projects/phpmyadmin/releases/306667","reference_id":"","reference_type":"","scores":[],"url":"http://freshmeat.net/projects/phpmyadmin/releases/306667"},{"reference_url":"http://freshmeat.net/projects/phpmyadmin/releases/306669","reference_id":"","reference_type":"","scores":[],"url":"http://freshmeat.net/projects/phpmyadmin/releases/306669"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"},{"reference_url":"http://marc.info/?l=oss-security&m=125553728512853&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=oss-security&m=125553728512853&w=2"},{"reference_url":"http://marc.info/?l=oss-security&m=125561979001460&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=oss-security&m=125561979001460&w=2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=528769","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=528769"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53742","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53742"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/212daad0c082dfb853e3a4098838781a96b2ce1f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/212daad0c082dfb853e3a4098838781a96b2ce1f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/8ec5434999724f61d7df1f9b0b13545274c78b1e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/8ec5434999724f61d7df1f9b0b13545274c78b1e"},{"reference_url":"https://web.archive.org/web/20200228173112/http://www.securityfocus.com/bid/36658","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228173112/http://www.securityfocus.com/bid/36658"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00467.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00467.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00490.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00490.html"},{"reference_url":"http://typo3.org/extensions/repository/view/phpmyadmin/4.5.0/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/extensions/repository/view/phpmyadmin/4.5.0/"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-015/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-015/"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:274","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:274"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3696","reference_id":"CVE-2009-3696","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3696"},{"reference_url":"https://github.com/advisories/GHSA-5pvv-f8h3-gw96","reference_id":"GHSA-5pvv-f8h3-gw96","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5pvv-f8h3-gw96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61864?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.2.2%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.2.2%252B1"}],"aliases":["CVE-2009-3696","GHSA-5pvv-f8h3-gw96"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyv1-muwx-83h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44031?format=json","vulnerability_id":"VCID-qnf5-aays-qkf1","summary":"Improper Control of Generation of Code ('Code Injection')\nlibraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a \"remote variable manipulation vulnerability.\"","references":[{"reference_url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[],"url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"},{"reference_url":"http://securityreason.com/securityalert/8306","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8306"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"},{"reference_url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"},{"reference_url":"http://www.debian.org/security/2011/dsa-2286","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2286"},{"reference_url":"http://www.exploit-db.com/exploits/17514/","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/17514/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/29/11","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2011/06/29/11"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2505","reference_id":"CVE-2011-2505","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2505"},{"reference_url":"https://github.com/advisories/GHSA-vqcm-r62w-w437","reference_id":"GHSA-vqcm-r62w-w437","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vqcm-r62w-w437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63265?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/63266?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1"}],"aliases":["CVE-2011-2505","GHSA-vqcm-r62w-w437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnf5-aays-qkf1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.0.0"}