{"url":"http://public2.vulnerablecode.io/api/packages/63264?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.0","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"3.4.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.8","latest_non_vulnerable_version":"5.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98102?format=json","vulnerability_id":"VCID-67va-epqd-vydp","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3592","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3931","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=738681","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=738681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3592"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3592","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3592"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/09/30/8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/09/30/8"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php"},{"reference_url":"https://github.com/advisories/GHSA-5p69-rmx8-7gw7","reference_id":"GHSA-5p69-rmx8-7gw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5p69-rmx8-7gw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151871?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.5"}],"aliases":["CVE-2011-3592","GHSA-5p69-rmx8-7gw7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67va-epqd-vydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44048?format=json","vulnerability_id":"VCID-6r4m-kxj7-ybb6","summary":"Improper Control of Generation of Code ('Code Injection')\nsetup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.","references":[{"reference_url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2506","reference_id":"","reference_type":"","scores":[{"value":"0.33677","scoring_system":"epss","scoring_elements":"0.97037","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2506"},{"reference_url":"http://securityreason.com/securityalert/8306","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8306"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2e01647949df937040e73a94ce0bac0daecbdcf4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2e01647949df937040e73a94ce0bac0daecbdcf4"},{"reference_url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"},{"reference_url":"http://www.debian.org/security/2011/dsa-2286","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2286"},{"reference_url":"http://www.exploit-db.com/exploits/17514","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/17514"},{"reference_url":"http://www.exploit-db.com/exploits/17514/","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/17514/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/6","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/29/11","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/29/11"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2506","reference_id":"CVE-2011-2506","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2506"},{"reference_url":"https://github.com/advisories/GHSA-p6h7-29r2-g88f","reference_id":"GHSA-p6h7-29r2-g88f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p6h7-29r2-g88f"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63266?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1"}],"aliases":["CVE-2011-2506","GHSA-p6h7-29r2-g88f"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r4m-kxj7-ybb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44151?format=json","vulnerability_id":"VCID-8amg-r4d1-kubh","summary":"phpMyAdmin Vulnerable to Cross-Site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.","references":[{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1940","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"http://www.debian.org/security/2012/dsa-2391","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2391"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1940","reference_id":"CVE-2011-1940","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1940"},{"reference_url":"https://github.com/advisories/GHSA-4q58-5x28-53wv","reference_id":"GHSA-4q58-5x28-53wv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4q58-5x28-53wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63512?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.1"}],"aliases":["CVE-2011-1940","GHSA-4q58-5x28-53wv"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8amg-r4d1-kubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44004?format=json","vulnerability_id":"VCID-92xz-8fkp-ekh3","summary":"phpMyAdmin Directory Traversal vulnerability\nDirectory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.","references":[{"reference_url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2508","reference_id":"","reference_type":"","scores":[{"value":"0.11174","scoring_system":"epss","scoring_elements":"0.93632","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2508"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008"},{"reference_url":"https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306"},{"reference_url":"https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2286","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2286"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/6","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/8","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/29/11","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/29/11"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2508","reference_id":"CVE-2011-2508","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2508"},{"reference_url":"https://github.com/advisories/GHSA-q6vw-39cg-wjjf","reference_id":"GHSA-q6vw-39cg-wjjf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q6vw-39cg-wjjf"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63266?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1"}],"aliases":["CVE-2011-2508","GHSA-q6vw-39cg-wjjf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92xz-8fkp-ekh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98101?format=json","vulnerability_id":"VCID-94pm-84ku-w3cw","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3591","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3931","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3591"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=738681","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=738681"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3591"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3591","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3591"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/09/30/8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/09/30/8"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php"},{"reference_url":"https://github.com/advisories/GHSA-3p87-w3c5-27gf","reference_id":"GHSA-3p87-w3c5-27gf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3p87-w3c5-27gf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151871?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.5"}],"aliases":["CVE-2011-3591","GHSA-3p87-w3c5-27gf"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94pm-84ku-w3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98105?format=json","vulnerability_id":"VCID-kxq1-41am-gqdc","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=077c10020e349e8c1beb46309098992fde616913","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=077c10020e349e8c1beb46309098992fde616913"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=1490533d91e9d3820e78ca4eac7981886eaea2cb","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=1490533d91e9d3820e78ca4eac7981886eaea2cb"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=b289fe082441dc739939b0ba15dae0d9dc6cee92","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=b289fe082441dc739939b0ba15dae0d9dc6cee92"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=dac8d6ce256333ff45b5f46270304b8657452740","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=dac8d6ce256333ff45b5f46270304b8657452740"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=077c10020e349e8c1beb46309098992fde616913","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=077c10020e349e8c1beb46309098992fde616913"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=1490533d91e9d3820e78ca4eac7981886eaea2cb","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=1490533d91e9d3820e78ca4eac7981886eaea2cb"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b289fe082441dc739939b0ba15dae0d9dc6cee92","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b289fe082441dc739939b0ba15dae0d9dc6cee92"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=dac8d6ce256333ff45b5f46270304b8657452740","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=dac8d6ce256333ff45b5f46270304b8657452740"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4634","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62333","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4634"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4634","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4634"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4634","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4634"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:198","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:198"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php"},{"reference_url":"https://github.com/advisories/GHSA-9j9h-cpgc-8356","reference_id":"GHSA-9j9h-cpgc-8356","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9j9h-cpgc-8356"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/155613?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.8"}],"aliases":["CVE-2011-4634","GHSA-9j9h-cpgc-8356"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxq1-41am-gqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98094?format=json","vulnerability_id":"VCID-mctt-kqsq-97gt","summary":"Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","references":[{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1941","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48773","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1941"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer/commit/b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer/commit/ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1941","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1941"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php"},{"reference_url":"https://github.com/advisories/GHSA-v6fw-xf2c-8q43","reference_id":"GHSA-v6fw-xf2c-8q43","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v6fw-xf2c-8q43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63512?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.1"}],"aliases":["CVE-2011-1941","GHSA-v6fw-xf2c-8q43"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mctt-kqsq-97gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44137?format=json","vulnerability_id":"VCID-ntmf-36f1-e3fg","summary":"phpMyAdmin Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0e707906e69ce90c4852a0fce2a0fac7db86a3cd","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0e707906e69ce90c4852a0fce2a0fac7db86a3cd"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0e707906e69ce90c4852a0fce2a0fac7db86a3cd","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0e707906e69ce90c4852a0fce2a0fac7db86a3cd"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4782","reference_id":"","reference_type":"","scores":[{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.65195","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4782"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71938","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71938"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:198","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:198"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php","reference_id":"","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4782","reference_id":"CVE-2011-4782","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4782"},{"reference_url":"https://github.com/advisories/GHSA-2h23-c973-x63q","reference_id":"GHSA-2h23-c973-x63q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2h23-c973-x63q"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63478?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.9"}],"aliases":["CVE-2011-4782","GHSA-2h23-c973-x63q"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntmf-36f1-e3fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44031?format=json","vulnerability_id":"VCID-qnf5-aays-qkf1","summary":"Improper Control of Generation of Code ('Code Injection')\nlibraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a \"remote variable manipulation vulnerability.\"","references":[{"reference_url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2505","reference_id":"","reference_type":"","scores":[{"value":"0.37008","scoring_system":"epss","scoring_elements":"0.97245","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2505"},{"reference_url":"http://securityreason.com/securityalert/8306","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8306"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"},{"reference_url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"},{"reference_url":"http://www.debian.org/security/2011/dsa-2286","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2286"},{"reference_url":"http://www.exploit-db.com/exploits/17514","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/17514"},{"reference_url":"http://www.exploit-db.com/exploits/17514/","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/17514/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/28/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/28/8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/06/29/11","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/06/29/11"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2505","reference_id":"CVE-2011-2505","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2505"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py","reference_id":"CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php","reference_id":"CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php"},{"reference_url":"http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","reference_id":"CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611","reference_type":"exploit","scores":[],"url":"http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"},{"reference_url":"https://github.com/advisories/GHSA-vqcm-r62w-w437","reference_id":"GHSA-vqcm-r62w-w437","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vqcm-r62w-w437"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63266?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B1"}],"aliases":["CVE-2011-2505","GHSA-vqcm-r62w-w437"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnf5-aays-qkf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98110?format=json","vulnerability_id":"VCID-rht1-ecwp-aqe7","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4345","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43285","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4345","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4345"},{"reference_url":"https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php"},{"reference_url":"https://github.com/advisories/GHSA-r3pq-mp8v-cp33","reference_id":"GHSA-r3pq-mp8v-cp33","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3pq-mp8v-cp33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152980?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.11%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.11%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/63544?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.2%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.2%252B2"}],"aliases":["CVE-2012-4345","GHSA-r3pq-mp8v-cp33"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rht1-ecwp-aqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98098?format=json","vulnerability_id":"VCID-uyyu-r5e4-mqfg","summary":"Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393"},{"reference_url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2718","reference_id":"","reference_type":"","scores":[{"value":"0.01003","scoring_system":"epss","scoring_elements":"0.77362","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=725383","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=725383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2718","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2718"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68768","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68768"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2718","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2718"},{"reference_url":"https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874"},{"reference_url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/07/25/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/07/25/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/07/26/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/07/26/10"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php"},{"reference_url":"https://github.com/advisories/GHSA-xhqq-554j-p4x8","reference_id":"GHSA-xhqq-554j-p4x8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xhqq-554j-p4x8"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/151718?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.3%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.3%252B2"}],"aliases":["CVE-2011-2718","GHSA-xhqq-554j-p4x8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyyu-r5e4-mqfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44157?format=json","vulnerability_id":"VCID-zb95-sn9m-r3bu","summary":"Improper Restriction of XML External Entity Reference\nThe simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html"},{"reference_url":"http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4107","reference_id":"","reference_type":"","scores":[{"value":"0.12434","scoring_system":"epss","scoring_elements":"0.94035","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4107"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=751112","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=751112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107"},{"reference_url":"http://seclists.org/fulldisclosure/2011/Nov/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2011/Nov/21"},{"reference_url":"http://securityreason.com/securityalert/8533","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://securityreason.com/securityalert/8533"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71108","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/71108"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5"},{"reference_url":"http://www.debian.org/security/2012/dsa-2391","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2391"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/11/03/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/11/03/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/11/03/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/11/03/5"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247","reference_id":"656247","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656247"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4107","reference_id":"CVE-2011-4107","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4107"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb","reference_id":"CVE-2011-4107;OSVDB-76798","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/18371.rb"},{"reference_url":"https://github.com/advisories/GHSA-q4mm-89q2-xffg","reference_id":"GHSA-q4mm-89q2-xffg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4mm-89q2-xffg"},{"reference_url":"https://security.gentoo.org/glsa/201201-01","reference_id":"GLSA-201201-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63518?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.4.7%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.7%252B1"}],"aliases":["CVE-2011-4107","GHSA-q4mm-89q2-xffg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zb95-sn9m-r3bu"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.0"}