{"url":"http://public2.vulnerablecode.io/api/packages/63263?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.0","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"3.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.8","latest_non_vulnerable_version":"5.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44151?format=json","vulnerability_id":"VCID-8amg-r4d1-kubh","summary":"phpMyAdmin Vulnerable to Cross-Site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.","references":[{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1940","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"http://www.debian.org/security/2012/dsa-2391","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2391"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1940","reference_id":"CVE-2011-1940","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1940"},{"reference_url":"https://github.com/advisories/GHSA-4q58-5x28-53wv","reference_id":"GHSA-4q58-5x28-53wv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4q58-5x28-53wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63511?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/63512?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.1"}],"aliases":["CVE-2011-1940","GHSA-4q58-5x28-53wv"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8amg-r4d1-kubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44004?format=json","vulnerability_id":"VCID-92xz-8fkp-ekh3","summary":"phpMyAdmin Directory Traversal vulnerability\nDirectory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.","references":[{"reference_url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2508","reference_id":"","reference_type":"","scores":[{"value":"0.11174","scoring_system":"epss","scoring_elements":"0.93632","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008"},{"reference_url":"https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306"},{"reference_url":"https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2286","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2286"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/6","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/8","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/29/11","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/29/11"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2508","reference_id":"CVE-2011-2508","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2508"},{"reference_url":"https://github.com/advisories/GHSA-q6vw-39cg-wjjf","reference_id":"GHSA-q6vw-39cg-wjjf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q6vw-39cg-wjjf"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63265?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/63266?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1"}],"aliases":["CVE-2011-2508","GHSA-q6vw-39cg-wjjf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92xz-8fkp-ekh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98092?format=json","vulnerability_id":"VCID-eqw3-es5t-5qan","summary":"phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0986","reference_id":"","reference_type":"","scores":[{"value":"0.00546","scoring_system":"epss","scoring_elements":"0.68169","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0986"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65424","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/65424"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0986","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0986"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:026","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:026"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php"},{"reference_url":"https://github.com/advisories/GHSA-wcmm-28rg-mg3r","reference_id":"GHSA-wcmm-28rg-mg3r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wcmm-28rg-mg3r"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152653?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.9%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.9%252B1"}],"aliases":["CVE-2011-0986","GHSA-wcmm-28rg-mg3r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqw3-es5t-5qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44157?format=json","vulnerability_id":"VCID-zb95-sn9m-r3bu","summary":"Improper Restriction of XML External Entity Reference\nThe simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html"},{"reference_url":"http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4107","reference_id":"","reference_type":"","scores":[{"value":"0.12434","scoring_system":"epss","scoring_elements":"0.94035","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751112","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107"},{"reference_url":"http://seclists.org/fulldisclosure/2011/Nov/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2011/Nov/21"},{"reference_url":"http://securityreason.com/securityalert/8533","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8533"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71108","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71108"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5"},{"reference_url":"http://www.debian.org/security/2012/dsa-2391","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2391"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/11/03/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/11/03/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/11/03/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/11/03/5"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247","reference_id":"656247","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4107","reference_id":"CVE-2011-4107","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4107"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb","reference_id":"CVE-2011-4107;OSVDB-76798","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb"},{"reference_url":"https://github.com/advisories/GHSA-q4mm-89q2-xffg","reference_id":"GHSA-q4mm-89q2-xffg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4mm-89q2-xffg"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63517?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.3.10%2B5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.10%252B5"},{"url":"http://public2.vulnerablecode.io/api/packages/63518?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.7%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.7%252B1"}],"aliases":["CVE-2011-4107","GHSA-q4mm-89q2-xffg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zb95-sn9m-r3bu"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.0"}