{"url":"http://public2.vulnerablecode.io/api/packages/63540?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.0","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"3.5.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.11","latest_non_vulnerable_version":"5.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98116?format=json","vulnerability_id":"VCID-dp72-nvcf-nyfd","summary":"phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3239","reference_id":"","reference_type":"","scores":[{"value":"0.12333","scoring_system":"epss","scoring_elements":"0.94014","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12333","scoring_system":"epss","scoring_elements":"0.94006","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12333","scoring_system":"epss","scoring_elements":"0.94015","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3239"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3239","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3239"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3239","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3239"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php"},{"reference_url":"https://github.com/advisories/GHSA-gg36-9346-9qx9","reference_id":"GHSA-gg36-9346-9qx9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gg36-9346-9qx9"},{"reference_url":"https://security.gentoo.org/glsa/201311-02","reference_id":"GLSA-201311-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152930?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.8%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.8%252B1"}],"aliases":["CVE-2013-3239","GHSA-gg36-9346-9qx9"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp72-nvcf-nyfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98112?format=json","vulnerability_id":"VCID-jrxc-3ybk-bba7","summary":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5339","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43206","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43123","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43198","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5339"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5339","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5339"},{"reference_url":"https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php"},{"reference_url":"https://github.com/advisories/GHSA-rfpg-2fp8-2fph","reference_id":"GHSA-rfpg-2fp8-2fph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rfpg-2fp8-2fph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150418?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.3"}],"aliases":["CVE-2012-5339","GHSA-rfpg-2fp8-2fph"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrxc-3ybk-bba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98110?format=json","vulnerability_id":"VCID-rht1-ecwp-aqe7","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4345","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43285","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43368","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43344","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4345"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4345","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4345"},{"reference_url":"https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php"},{"reference_url":"https://github.com/advisories/GHSA-r3pq-mp8v-cp33","reference_id":"GHSA-r3pq-mp8v-cp33","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3pq-mp8v-cp33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63544?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.2%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.2%252B2"}],"aliases":["CVE-2012-4345","GHSA-r3pq-mp8v-cp33"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rht1-ecwp-aqe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98113?format=json","vulnerability_id":"VCID-u51r-f4uz-myhh","summary":"phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5368","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62587","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62596","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62542","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62588","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5368"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5368","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5368"},{"reference_url":"https://web.archive.org/web/20200228143700/http://www.securityfocus.com/bid/55939","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228143700/http://www.securityfocus.com/bid/55939"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php"},{"reference_url":"https://github.com/advisories/GHSA-xpxp-v33m-5jp9","reference_id":"GHSA-xpxp-v33m-5jp9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xpxp-v33m-5jp9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150418?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.3"}],"aliases":["CVE-2012-5368","GHSA-xpxp-v33m-5jp9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u51r-f4uz-myhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44176?format=json","vulnerability_id":"VCID-u8sc-gk1h-gkhc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4579","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40004","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40086","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40088","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.4006","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4579","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4579"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4579","reference_id":"CVE-2012-4579","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4579"},{"reference_url":"https://github.com/advisories/GHSA-q7v2-w38r-pv7v","reference_id":"GHSA-q7v2-w38r-pv7v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q7v2-w38r-pv7v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63544?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.2%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.2%252B2"}],"aliases":["CVE-2012-4579","GHSA-q7v2-w38r-pv7v"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8sc-gk1h-gkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44170?format=json","vulnerability_id":"VCID-v6xv-djkp-4kgw","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4997","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49863","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49925","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49935","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49916","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4997"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4997","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4997"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4997","reference_id":"CVE-2013-4997","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4997"},{"reference_url":"https://github.com/advisories/GHSA-5gh4-v2ch-pcx4","reference_id":"GHSA-5gh4-v2ch-pcx4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5gh4-v2ch-pcx4"},{"reference_url":"https://security.gentoo.org/glsa/201311-02","reference_id":"GLSA-201311-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63541?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.8%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.8%252B2"}],"aliases":["CVE-2013-4997","GHSA-5gh4-v2ch-pcx4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6xv-djkp-4kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98127?format=json","vulnerability_id":"VCID-ww5r-71kf-tfgr","summary":"Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5002","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43285","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43368","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43344","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4996","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4996"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5002","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5002"},{"reference_url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php"},{"reference_url":"https://github.com/advisories/GHSA-p632-5w74-x8xx","reference_id":"GHSA-p632-5w74-x8xx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p632-5w74-x8xx"},{"reference_url":"https://security.gentoo.org/glsa/201311-02","reference_id":"GLSA-201311-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63541?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@3.5.8%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.8%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/53738?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.4%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23dq-w66r-k3bt"},{"vulnerability":"VCID-38tp-acy8-57hj"},{"vulnerability":"VCID-txba-1at4-ekg2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.4%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/241051?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.0.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-282b-1ugg-yuev"},{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-a94q-k98a-6qbw"},{"vulnerability":"VCID-amgy-teas-euh5"},{"vulnerability":"VCID-cbjd-e3sk-m7bu"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-kfr7-v6tb-eqau"},{"vulnerability":"VCID-m54t-23nu-3kaa"},{"vulnerability":"VCID-mzuh-5e5y-d3hr"},{"vulnerability":"VCID-n7cc-xfym-u7g4"},{"vulnerability":"VCID-r9sb-489v-fqc9"},{"vulnerability":"VCID-tvfz-v881-sufp"},{"vulnerability":"VCID-w6nk-akeh-4ufg"},{"vulnerability":"VCID-zyes-82y3-g7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.4.2"}],"aliases":["CVE-2013-5002","GHSA-p632-5w74-x8xx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww5r-71kf-tfgr"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.0"}