Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/phpmyadmin/phpmyadmin@3.3.0
Typecomposer
Namespacephpmyadmin
Namephpmyadmin
Version3.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.9.11
Latest_non_vulnerable_version5.2.2
Affected_by_vulnerabilities
0
url VCID-8amg-r4d1-kubh
vulnerability_id VCID-8amg-r4d1-kubh
summary 
phpMyAdmin Vulnerable to Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
references
0
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287
1
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492
2
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287
3
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1940
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52251
published_at 2026-06-05T12:55:00Z
1
value 0.00285
scoring_system epss
scoring_elements 0.52191
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1940
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940
6
reference_url https://github.com/phpmyadmin/phpmyadmin
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin
7
reference_url http://www.debian.org/security/2012/dsa-2391
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2391
8
reference_url http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1940
reference_id CVE-2011-1940
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1940
10
reference_url https://github.com/advisories/GHSA-4q58-5x28-53wv
reference_id GHSA-4q58-5x28-53wv
reference_type
scores
url https://github.com/advisories/GHSA-4q58-5x28-53wv
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B1
purl pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B1
1
url pkg:composer/phpmyadmin/phpmyadmin@3.4.1
purl pkg:composer/phpmyadmin/phpmyadmin@3.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.1
aliases CVE-2011-1940, GHSA-4q58-5x28-53wv
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8amg-r4d1-kubh
1
url VCID-92xz-8fkp-ekh3
vulnerability_id VCID-92xz-8fkp-ekh3
summary 
phpMyAdmin Directory Traversal vulnerability
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
references
0
reference_url http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
2
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7
3
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2508
reference_id
reference_type
scores
0
value 0.11174
scoring_system epss
scoring_elements 0.93632
published_at 2026-06-04T12:55:00Z
1
value 0.11174
scoring_system epss
scoring_elements 0.93642
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2508
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508
6
reference_url https://github.com/phpmyadmin/phpmyadmin
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin
7
reference_url https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
8
reference_url https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008
9
reference_url https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded
10
reference_url https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306
11
reference_url https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
12
reference_url http://www.debian.org/security/2011/dsa-2286
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2011/dsa-2286
13
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
14
reference_url http://www.openwall.com/lists/oss-security/2011/06/28/2
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/06/28/2
15
reference_url http://www.openwall.com/lists/oss-security/2011/06/28/6
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/06/28/6
16
reference_url http://www.openwall.com/lists/oss-security/2011/06/28/8
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/06/28/8
17
reference_url http://www.openwall.com/lists/oss-security/2011/06/29/11
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/06/29/11
18
reference_url http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2508
reference_id CVE-2011-2508
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2508
20
reference_url https://github.com/advisories/GHSA-q6vw-39cg-wjjf
reference_id GHSA-q6vw-39cg-wjjf
reference_type
scores
url https://github.com/advisories/GHSA-q6vw-39cg-wjjf
21
reference_url https://security.gentoo.org/glsa/201201-01
reference_id GLSA-201201-01
reference_type
scores
url https://security.gentoo.org/glsa/201201-01
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B2
purl pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B2
1
url pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1
purl pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1
aliases CVE-2011-2508, GHSA-q6vw-39cg-wjjf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-92xz-8fkp-ekh3
2
url VCID-eqw3-es5t-5qan
vulnerability_id VCID-eqw3-es5t-5qan
summary phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html
2
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83
3
reference_url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0986
reference_id
reference_type
scores
0
value 0.00546
scoring_system epss
scoring_elements 0.68208
published_at 2026-06-05T12:55:00Z
1
value 0.00546
scoring_system epss
scoring_elements 0.68169
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0986
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/65424
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/65424
7
reference_url https://github.com/phpmyadmin/phpmyadmin
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0986
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0986
9
reference_url http://www.mandriva.com/security/advisories?name=MDVSA-2011:026
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.mandriva.com/security/advisories?name=MDVSA-2011:026
10
reference_url http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
11
reference_url https://github.com/advisories/GHSA-wcmm-28rg-mg3r
reference_id GHSA-wcmm-28rg-mg3r
reference_type
scores
url https://github.com/advisories/GHSA-wcmm-28rg-mg3r
12
reference_url https://security.gentoo.org/glsa/201201-01
reference_id GLSA-201201-01
reference_type
scores
url https://security.gentoo.org/glsa/201201-01
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@3.3.9%2B1
purl pkg:composer/phpmyadmin/phpmyadmin@3.3.9%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.9%252B1
aliases CVE-2011-0986, GHSA-wcmm-28rg-mg3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eqw3-es5t-5qan
3
url VCID-zb95-sn9m-r3bu
vulnerability_id VCID-zb95-sn9m-r3bu
summary 
Improper Restriction of XML External Entity Reference
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html
3
reference_url http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4107
reference_id
reference_type
scores
0
value 0.12434
scoring_system epss
scoring_elements 0.94043
published_at 2026-06-05T12:55:00Z
1
value 0.12434
scoring_system epss
scoring_elements 0.94035
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4107
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=751112
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=751112
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
7
reference_url http://seclists.org/fulldisclosure/2011/Nov/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2011/Nov/21
8
reference_url http://securityreason.com/securityalert/8533
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://securityreason.com/securityalert/8533
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/71108
10
reference_url https://github.com/phpmyadmin/phpmyadmin
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin
11
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2
12
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd
13
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717
14
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
15
reference_url http://www.debian.org/security/2012/dsa-2391
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2012/dsa-2391
16
reference_url http://www.openwall.com/lists/oss-security/2011/11/03/3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/11/03/3
17
reference_url http://www.openwall.com/lists/oss-security/2011/11/03/5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/11/03/5
18
reference_url http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247
reference_id 656247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4107
reference_id CVE-2011-4107
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4107
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb
reference_id CVE-2011-4107;OSVDB-76798
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb
22
reference_url https://github.com/advisories/GHSA-q4mm-89q2-xffg
reference_id GHSA-q4mm-89q2-xffg
reference_type
scores
url https://github.com/advisories/GHSA-q4mm-89q2-xffg
23
reference_url https://security.gentoo.org/glsa/201201-01
reference_id GLSA-201201-01
reference_type
scores
url https://security.gentoo.org/glsa/201201-01
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B5
purl pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B5
1
url pkg:composer/phpmyadmin/phpmyadmin@3.4.7%2B1
purl pkg:composer/phpmyadmin/phpmyadmin@3.4.7%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.7%252B1
aliases CVE-2011-4107, GHSA-q4mm-89q2-xffg
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zb95-sn9m-r3bu
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.0