Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/phpmyadmin/phpmyadmin@5.0.0
Typecomposer
Namespacephpmyadmin
Namephpmyadmin
Version5.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.3
Latest_non_vulnerable_version5.2.2
Affected_by_vulnerabilities
0
url VCID-2at1-y3qg-77fb
vulnerability_id VCID-2at1-y3qg-77fb
summary 
Cross-site Scripting
An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in `tbl_get_field.php` and `libraries/classes/Display/Results.php`). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10803
reference_id
reference_type
scores
0
value 0.02712
scoring_system epss
scoring_elements 0.86191
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10803
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml
5
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
6
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO
10
reference_url https://www.phpmyadmin.net/security/PMASA-2020-4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2020-4
11
reference_url https://www.phpmyadmin.net/security/PMASA-2020-4/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2020-4/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666
reference_id 954666
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10803
reference_id CVE-2020-10803
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10803
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.2
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b2nf-6pr3-xqaa
1
vulnerability VCID-j2k3-xghw-gfb3
2
vulnerability VCID-qmj2-pxvt-zqes
3
vulnerability VCID-wdn3-x8u3-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2
aliases CVE-2020-10803, GHSA-fcww-8wvc-38q9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2at1-y3qg-77fb
1
url VCID-32ja-yuuw-bbbh
vulnerability_id VCID-32ja-yuuw-bbbh
summary 
SQL Injection
An SQL injection vulnerability was found in retrieval of the current username (in `libraries/classes/Server/Privileges.php` and `libraries/classes/UserPassword.php`). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10804
reference_id
reference_type
scores
0
value 0.01913
scoring_system epss
scoring_elements 0.83633
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10804
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml
5
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO
9
reference_url https://www.phpmyadmin.net/security/PMASA-2020-2
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2020-2
10
reference_url https://www.phpmyadmin.net/security/PMASA-2020-2/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2020-2/
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667
reference_id 954667
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10804
reference_id CVE-2020-10804
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10804
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.2
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b2nf-6pr3-xqaa
1
vulnerability VCID-j2k3-xghw-gfb3
2
vulnerability VCID-qmj2-pxvt-zqes
3
vulnerability VCID-wdn3-x8u3-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2
aliases CVE-2020-10804, GHSA-h65r-8fp8-w7cx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32ja-yuuw-bbbh
2
url VCID-59mu-8aep-9ycn
vulnerability_id VCID-59mu-8aep-9ycn
summary 
phpMyAdmin XSS when checking tables
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.
references
0
reference_url https://github.com/phpmyadmin/phpmyadmin
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin
1
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7
2
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html
3
reference_url https://www.phpmyadmin.net/security/PMASA-2025-1
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2025-1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24530
reference_id CVE-2025-24530
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24530
5
reference_url https://github.com/advisories/GHSA-222v-cx2c-q2f5
reference_id GHSA-222v-cx2c-q2f5
reference_type
scores
url https://github.com/advisories/GHSA-222v-cx2c-q2f5
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.2.2
purl pkg:composer/phpmyadmin/phpmyadmin@5.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.2
aliases CVE-2025-24530, GHSA-222v-cx2c-q2f5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-59mu-8aep-9ycn
3
url VCID-b2nf-6pr3-xqaa
vulnerability_id VCID-b2nf-6pr3-xqaa
summary 
SQL Injection
An issue was discovered in SearchController in phpMyAdmin. An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
2
reference_url https://advisory.checkmarx.net/advisory/CX-2020-4281
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://advisory.checkmarx.net/advisory/CX-2020-4281
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26935
reference_id
reference_type
scores
0
value 0.89641
scoring_system epss
scoring_elements 0.99579
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26935
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml
5
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
6
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5
10
reference_url https://security.gentoo.org/glsa/202101-35
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-35
11
reference_url https://www.phpmyadmin.net/security/PMASA-2020-6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2020-6
12
reference_url https://www.phpmyadmin.net/security/PMASA-2020-6/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2020-6/
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000
reference_id 972000
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26935
reference_id CVE-2020-26935
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26935
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.3
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3
aliases CVE-2020-26935, GHSA-7ff4-cv53-4cjq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2nf-6pr3-xqaa
4
url VCID-dx3h-z4dg-m3e1
vulnerability_id VCID-dx3h-z4dg-m3e1
summary 
SQL Injection
In phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in `libraries/classes/Controllers/Table/TableSearchController.php`. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10802
reference_id
reference_type
scores
0
value 0.01229
scoring_system epss
scoring_elements 0.79495
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10802
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml
5
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
6
reference_url https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO
10
reference_url https://www.phpmyadmin.net/security/PMASA-2020-3
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2020-3
11
reference_url https://www.phpmyadmin.net/security/PMASA-2020-3/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2020-3/
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665
reference_id 954665
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10802
reference_id CVE-2020-10802
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10802
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.2
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b2nf-6pr3-xqaa
1
vulnerability VCID-j2k3-xghw-gfb3
2
vulnerability VCID-qmj2-pxvt-zqes
3
vulnerability VCID-wdn3-x8u3-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2
aliases CVE-2020-10802, GHSA-f4cr-3xmc-2wpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx3h-z4dg-m3e1
5
url VCID-j2k3-xghw-gfb3
vulnerability_id VCID-j2k3-xghw-gfb3
summary 
Improper Neutralization of Escape, Meta, or Control Sequences
phpMyAdmin may allow CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents".
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-22278
reference_id
reference_type
scores
0
value 0.00409
scoring_system epss
scoring_elements 0.6157
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-22278
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-22278
reference_id CVE-2020-22278
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-22278
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.3
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3
aliases CVE-2020-22278
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2k3-xghw-gfb3
6
url VCID-m2g6-2ztp-tuam
vulnerability_id VCID-m2g6-2ztp-tuam
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-22452
reference_id
reference_type
scores
0
value 0.03245
scoring_system epss
scoring_elements 0.87353
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-22452
1
reference_url https://github.com/phpmyadmin/phpmyadmin
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin
2
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb
3
reference_url https://github.com/phpmyadmin/phpmyadmin/issues/15898
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/issues/15898
4
reference_url https://github.com/phpmyadmin/phpmyadmin/pull/16004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/pull/16004
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-22452
reference_id CVE-2020-22452
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-22452
6
reference_url https://github.com/advisories/GHSA-prcg-mc23-hgjh
reference_id GHSA-prcg-mc23-hgjh
reference_type
scores
url https://github.com/advisories/GHSA-prcg-mc23-hgjh
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.2
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b2nf-6pr3-xqaa
1
vulnerability VCID-j2k3-xghw-gfb3
2
vulnerability VCID-qmj2-pxvt-zqes
3
vulnerability VCID-wdn3-x8u3-wycp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2
aliases CVE-2020-22452, GHSA-prcg-mc23-hgjh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m2g6-2ztp-tuam
7
url VCID-m3kq-1cfg-mkgc
vulnerability_id VCID-m3kq-1cfg-mkgc
summary 
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25727
reference_id
reference_type
scores
0
value 0.09658
scoring_system epss
scoring_elements 0.93048
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25727
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc
3
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
4
reference_url https://www.phpmyadmin.net/security/PMASA-2023-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2023-1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25727
reference_id CVE-2023-25727
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25727
6
reference_url https://github.com/advisories/GHSA-6hr3-44gx-g6wh
reference_id GHSA-6hr3-44gx-g6wh
reference_type
scores
url https://github.com/advisories/GHSA-6hr3-44gx-g6wh
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.2.1
purl pkg:composer/phpmyadmin/phpmyadmin@5.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.1
aliases CVE-2023-25727, GHSA-6hr3-44gx-g6wh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kq-1cfg-mkgc
8
url VCID-qmj2-pxvt-zqes
vulnerability_id VCID-qmj2-pxvt-zqes
summary 
Cross-site Scripting
phpMyAdmin allows XSS through the transformation feature via a crafted link.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26934
reference_id
reference_type
scores
0
value 0.02788
scoring_system epss
scoring_elements 0.86354
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26934
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml
4
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
5
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5
12
reference_url https://security.gentoo.org/glsa/202101-35
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202101-35
13
reference_url https://www.phpmyadmin.net/security/PMASA-2020-5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2020-5
14
reference_url https://www.phpmyadmin.net/security/PMASA-2020-5/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2020-5/
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999
reference_id 971999
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26934
reference_id CVE-2020-26934
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26934
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@5.0.3
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3
aliases CVE-2020-26934, GHSA-6349-53vr-7hcr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmj2-pxvt-zqes
Fixing_vulnerabilities
0
url VCID-4wn2-pnbv-sked
vulnerability_id VCID-4wn2-pnbv-sked
summary 
Cross-site Scripting
In phpMyAdm, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted `database/table` name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19970
reference_id
reference_type
scores
0
value 0.01296
scoring_system epss
scoring_elements 0.80037
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19970
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
3
reference_url https://security.gentoo.org/glsa/201904-16
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201904-16
4
reference_url https://www.phpmyadmin.net/security/PMASA-2018-8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-8
5
reference_url https://www.phpmyadmin.net/security/PMASA-2018-8/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-8/
6
reference_url http://www.securityfocus.com/bid/106181
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106181
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19970
reference_id CVE-2018-19970
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19970
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.4
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-8rvw-n1fg-ffc2
3
vulnerability VCID-ajf6-bk2g-wkb7
4
vulnerability VCID-bd83-vf81-sfa4
5
vulnerability VCID-dx3h-z4dg-m3e1
6
vulnerability VCID-j2k3-xghw-gfb3
7
vulnerability VCID-kfr7-v6tb-eqau
8
vulnerability VCID-mzuh-5e5y-d3hr
9
vulnerability VCID-q7rn-1612-quau
10
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-19970, GHSA-8987-93fh-rcwq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4wn2-pnbv-sked
1
url VCID-52xs-45kd-w3hz
vulnerability_id VCID-52xs-45kd-w3hz
summary 
Information Exposure
An attacker can exploit phpMyAdm to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19968
reference_id
reference_type
scores
0
value 0.02384
scoring_system epss
scoring_elements 0.85291
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19968
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
3
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
4
reference_url https://security.gentoo.org/glsa/201904-16
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201904-16
5
reference_url https://www.phpmyadmin.net/security/PMASA-2018-6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-6
6
reference_url https://www.phpmyadmin.net/security/PMASA-2018-6/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-6/
7
reference_url http://www.securityfocus.com/bid/106178
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106178
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19968
reference_id CVE-2018-19968
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19968
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.4
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-8rvw-n1fg-ffc2
3
vulnerability VCID-ajf6-bk2g-wkb7
4
vulnerability VCID-bd83-vf81-sfa4
5
vulnerability VCID-dx3h-z4dg-m3e1
6
vulnerability VCID-j2k3-xghw-gfb3
7
vulnerability VCID-kfr7-v6tb-eqau
8
vulnerability VCID-mzuh-5e5y-d3hr
9
vulnerability VCID-q7rn-1612-quau
10
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-19968, GHSA-xc97-r49q-cxgc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52xs-45kd-w3hz
2
url VCID-ajf6-bk2g-wkb7
vulnerability_id VCID-ajf6-bk2g-wkb7
summary 
Information Exposure
When the `AllowArbitraryServer` configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the `mysql.allow_local_infile` PHP configuration, and the inadvertent ignoring of `options(MYSQLI_OPT_LOCAL_INFILE` calls.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6799
reference_id
reference_type
scores
0
value 0.76961
scoring_system epss
scoring_elements 0.98978
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6799
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html
3
reference_url https://www.phpmyadmin.net/security/PMASA-2019-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2019-1
4
reference_url https://www.phpmyadmin.net/security/PMASA-2019-1/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2019-1/
5
reference_url http://www.securityfocus.com/bid/106736
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106736
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823
reference_id 920823
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920823
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6799
reference_id CVE-2019-6799
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6799
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.5
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-8rvw-n1fg-ffc2
3
vulnerability VCID-dx3h-z4dg-m3e1
4
vulnerability VCID-j2k3-xghw-gfb3
5
vulnerability VCID-kfr7-v6tb-eqau
6
vulnerability VCID-mzuh-5e5y-d3hr
7
vulnerability VCID-q7rn-1612-quau
8
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2019-6799, GHSA-c8wj-q36q-3wg4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajf6-bk2g-wkb7
3
url VCID-bd83-vf81-sfa4
vulnerability_id VCID-bd83-vf81-sfa4
summary 
SQL Injection
An issue was discovered in phpMyAdmin. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6798
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60597
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6798
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://www.phpmyadmin.net/security/PMASA-2019-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2019-2
3
reference_url https://www.phpmyadmin.net/security/PMASA-2019-2/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2019-2/
4
reference_url http://www.securityfocus.com/bid/106727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106727
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822
reference_id 920822
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920822
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6798
reference_id CVE-2019-6798
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6798
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.5
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-8rvw-n1fg-ffc2
3
vulnerability VCID-dx3h-z4dg-m3e1
4
vulnerability VCID-j2k3-xghw-gfb3
5
vulnerability VCID-kfr7-v6tb-eqau
6
vulnerability VCID-mzuh-5e5y-d3hr
7
vulnerability VCID-q7rn-1612-quau
8
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.5
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2019-6798, GHSA-f732-fxh6-g4qj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bd83-vf81-sfa4
4
url VCID-hsbx-sk4x-2qb3
vulnerability_id VCID-hsbx-sk4x-2qb3
summary 
Improper Authentication
An issue was discovered in phpMyAdm in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.
references
0
reference_url http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12613
reference_id
reference_type
scores
0
value 0.94262
scoring_system epss
scoring_elements 0.99938
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12613
2
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
3
reference_url https://security.gentoo.org/glsa/201904-16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201904-16
4
reference_url https://www.exploit-db.com/exploits/44924
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/44924
5
reference_url https://www.exploit-db.com/exploits/44924/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44924/
6
reference_url https://www.exploit-db.com/exploits/44928
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/44928
7
reference_url https://www.exploit-db.com/exploits/44928/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44928/
8
reference_url https://www.exploit-db.com/exploits/45020
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45020
9
reference_url https://www.exploit-db.com/exploits/45020/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/45020/
10
reference_url https://www.phpmyadmin.net/security/PMASA-2018-4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-4
11
reference_url https://www.phpmyadmin.net/security/PMASA-2018-4/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-4/
12
reference_url http://www.securityfocus.com/bid/104532
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104532
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/45020.rb
reference_id CVE-2018-12613
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/45020.rb
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44924.txt
reference_id CVE-2018-12613
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44924.txt
15
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44928.txt
reference_id CVE-2018-12613
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44928.txt
16
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50457.py
reference_id CVE-2018-12613
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50457.py
17
reference_url https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247485036&idx=1&sn=8e9647906c5d94f72564dec5bc51a2ab&chksm=e89e2eb4dfe9a7a28bff2efebb5b2723782dab660acff074c3f18c9e7dca924abdf3da618fb4&mpshare=1&scene=1&srcid=0621gAv1FMtrgoahD01psMZr&pass_ticket=LqhR
reference_id CVE-2018-12613
reference_type exploit
scores
url https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247485036&idx=1&sn=8e9647906c5d94f72564dec5bc51a2ab&chksm=e89e2eb4dfe9a7a28bff2efebb5b2723782dab660acff074c3f18c9e7dca924abdf3da618fb4&mpshare=1&scene=1&srcid=0621gAv1FMtrgoahD01psMZr&pass_ticket=LqhR
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12613
reference_id CVE-2018-12613
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12613
19
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/1ded8ffb299499e18725f4d549fcadaec5528387/modules/exploits/multi/http/phpmyadmin_lfi_rce.rb
reference_id CVE-2018-12613
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/1ded8ffb299499e18725f4d549fcadaec5528387/modules/exploits/multi/http/phpmyadmin_lfi_rce.rb
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.2
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-4wn2-pnbv-sked
3
vulnerability VCID-52xs-45kd-w3hz
4
vulnerability VCID-5dd1-nzdy-zfez
5
vulnerability VCID-8rvw-n1fg-ffc2
6
vulnerability VCID-ajf6-bk2g-wkb7
7
vulnerability VCID-bd83-vf81-sfa4
8
vulnerability VCID-dx3h-z4dg-m3e1
9
vulnerability VCID-j2k3-xghw-gfb3
10
vulnerability VCID-kfr7-v6tb-eqau
11
vulnerability VCID-mzuh-5e5y-d3hr
12
vulnerability VCID-q7rn-1612-quau
13
vulnerability VCID-r4zz-m2mr-9qeb
14
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.2
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-12613, GHSA-x394-g9j8-x7mf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsbx-sk4x-2qb3
5
url VCID-kfr7-v6tb-eqau
vulnerability_id VCID-kfr7-v6tb-eqau
summary 
SQL Injection
A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18622
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68503
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18622
3
reference_url https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH
6
reference_url https://security.gentoo.org/glsa/202003-39
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202003-39
7
reference_url https://www.phpmyadmin.net/security/PMASA-2019-5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2019-5
8
reference_url https://www.phpmyadmin.net/security/PMASA-2019-5/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2019-5/
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349
reference_id 945349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18622
reference_id CVE-2019-18622
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18622
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.9.2
purl pkg:composer/phpmyadmin/phpmyadmin@4.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-b2nf-6pr3-xqaa
3
vulnerability VCID-dx3h-z4dg-m3e1
4
vulnerability VCID-j2k3-xghw-gfb3
5
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2019-18622, GHSA-jgjc-332c-8cmc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfr7-v6tb-eqau
6
url VCID-kfrx-mmr7-euep
vulnerability_id VCID-kfrx-mmr7-euep
summary 
Cross-Site Request Forgery (CSRF)
phpMyAdm has CSRF, allowing an attacker to execute arbitrary SQL statements, related to `js/db_operations.js`, `js/tbl_operations.js`, `libraries/classes/Operations.php`, and `sql.php.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10188
reference_id
reference_type
scores
0
value 0.0065
scoring_system epss
scoring_elements 0.71236
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10188
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
3
reference_url https://www.exploit-db.com/exploits/44496
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/44496
4
reference_url https://www.exploit-db.com/exploits/44496/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44496/
5
reference_url https://www.phpmyadmin.net/security/PMASA-2018-2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-2
6
reference_url https://www.phpmyadmin.net/security/PMASA-2018-2/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-2/
7
reference_url http://www.securityfocus.com/bid/103936
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103936
8
reference_url http://www.securitytracker.com/id/1040752
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1040752
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490
reference_id 896490
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html
reference_id CVE-2018-10188
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10188
reference_id CVE-2018-10188
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10188
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.0%2B1
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.0%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.0%252B1
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-10188, GHSA-v6fp-h79x-9rqc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfrx-mmr7-euep
7
url VCID-p1jn-sxds-mqd1
vulnerability_id VCID-p1jn-sxds-mqd1
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `db_central_columns.php` in phpMyAdm allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7260
reference_id
reference_type
scores
0
value 0.00302
scoring_system epss
scoring_elements 0.5376
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7260
1
reference_url https://github.com/phpmyadmin/composer
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/composer
2
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
3
reference_url https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin
4
reference_url https://www.phpmyadmin.net/security/PMASA-2018-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-1
5
reference_url https://www.phpmyadmin.net/security/PMASA-2018-1/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-1/
6
reference_url http://www.securityfocus.com/bid/103099
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103099
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539
reference_id 893539
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893539
8
reference_url https://security.archlinux.org/ASA-201802-11
reference_id ASA-201802-11
reference_type
scores
url https://security.archlinux.org/ASA-201802-11
9
reference_url https://security.archlinux.org/AVG-630
reference_id AVG-630
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-630
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7260
reference_id CVE-2018-7260
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7260
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.7.8
purl pkg:composer/phpmyadmin/phpmyadmin@4.7.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-4wn2-pnbv-sked
3
vulnerability VCID-52xs-45kd-w3hz
4
vulnerability VCID-5dd1-nzdy-zfez
5
vulnerability VCID-8rvw-n1fg-ffc2
6
vulnerability VCID-ajf6-bk2g-wkb7
7
vulnerability VCID-bd83-vf81-sfa4
8
vulnerability VCID-dx3h-z4dg-m3e1
9
vulnerability VCID-j2k3-xghw-gfb3
10
vulnerability VCID-kfr7-v6tb-eqau
11
vulnerability VCID-mzuh-5e5y-d3hr
12
vulnerability VCID-q7rn-1612-quau
13
vulnerability VCID-rx9z-rdmm-5fg6
14
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.8
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-7260, GHSA-gqmj-f46x-wqhw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1jn-sxds-mqd1
8
url VCID-r4zz-m2mr-9qeb
vulnerability_id VCID-r4zz-m2mr-9qeb
summary 
Cross-Site Request Forgery (CSRF)
By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new `tables/routines`, deleting designer pages, `adding/deleting` users, updating user passwords, killing SQL processes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19969
reference_id
reference_type
scores
0
value 0.00437
scoring_system epss
scoring_elements 0.63408
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19969
1
reference_url https://security.gentoo.org/glsa/201904-16
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201904-16
2
reference_url https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175
3
reference_url https://www.phpmyadmin.net/security/PMASA-2018-7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-7
4
reference_url https://www.phpmyadmin.net/security/PMASA-2018-7/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-7/
5
reference_url http://www.securityfocus.com/bid/106175
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106175
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19969
reference_id CVE-2018-19969
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19969
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.7.7
purl pkg:composer/phpmyadmin/phpmyadmin@4.7.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-4wn2-pnbv-sked
3
vulnerability VCID-52xs-45kd-w3hz
4
vulnerability VCID-5dd1-nzdy-zfez
5
vulnerability VCID-8rvw-n1fg-ffc2
6
vulnerability VCID-ajf6-bk2g-wkb7
7
vulnerability VCID-bd83-vf81-sfa4
8
vulnerability VCID-dx3h-z4dg-m3e1
9
vulnerability VCID-j2k3-xghw-gfb3
10
vulnerability VCID-kfr7-v6tb-eqau
11
vulnerability VCID-mzuh-5e5y-d3hr
12
vulnerability VCID-p1jn-sxds-mqd1
13
vulnerability VCID-q7rn-1612-quau
14
vulnerability VCID-rx9z-rdmm-5fg6
15
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.7.7
1
url pkg:composer/phpmyadmin/phpmyadmin@4.8.4
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-8rvw-n1fg-ffc2
3
vulnerability VCID-ajf6-bk2g-wkb7
4
vulnerability VCID-bd83-vf81-sfa4
5
vulnerability VCID-dx3h-z4dg-m3e1
6
vulnerability VCID-j2k3-xghw-gfb3
7
vulnerability VCID-kfr7-v6tb-eqau
8
vulnerability VCID-mzuh-5e5y-d3hr
9
vulnerability VCID-q7rn-1612-quau
10
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.4
2
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-19969, GHSA-xwf2-53mc-r8hx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4zz-m2mr-9qeb
9
url VCID-rx9z-rdmm-5fg6
vulnerability_id VCID-rx9z-rdmm-5fg6
summary 
Cross-site Scripting
An issue was discovered in `js/designer/move.js` in phpMyAdm A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12581
reference_id
reference_type
scores
0
value 0.00393
scoring_system epss
scoring_elements 0.60579
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12581
1
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e
2
reference_url https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530
3
reference_url https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187
4
reference_url https://www.phpmyadmin.net/security/PMASA-2018-3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.phpmyadmin.net/security/PMASA-2018-3
5
reference_url https://www.phpmyadmin.net/security/PMASA-2018-3/
reference_id
reference_type
scores
url https://www.phpmyadmin.net/security/PMASA-2018-3/
6
reference_url http://www.securityfocus.com/bid/104530
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104530
7
reference_url http://www.securitytracker.com/id/1041187
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041187
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12581
reference_id CVE-2018-12581
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12581
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.8.2
purl pkg:composer/phpmyadmin/phpmyadmin@4.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-4wn2-pnbv-sked
3
vulnerability VCID-52xs-45kd-w3hz
4
vulnerability VCID-5dd1-nzdy-zfez
5
vulnerability VCID-8rvw-n1fg-ffc2
6
vulnerability VCID-ajf6-bk2g-wkb7
7
vulnerability VCID-bd83-vf81-sfa4
8
vulnerability VCID-dx3h-z4dg-m3e1
9
vulnerability VCID-j2k3-xghw-gfb3
10
vulnerability VCID-kfr7-v6tb-eqau
11
vulnerability VCID-mzuh-5e5y-d3hr
12
vulnerability VCID-q7rn-1612-quau
13
vulnerability VCID-r4zz-m2mr-9qeb
14
vulnerability VCID-w6nk-akeh-4ufg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.8.2
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2018-12581, GHSA-vxj6-pm6r-23hq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rx9z-rdmm-5fg6
10
url VCID-w6nk-akeh-4ufg
vulnerability_id VCID-w6nk-akeh-4ufg
summary 
Cross-Site Request Forgery (CSRF)
A CSRF issue in phpMyAdmin allows deletion of any server in the Setup page.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
2
reference_url http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12922
reference_id
reference_type
scores
0
value 0.31957
scoring_system epss
scoring_elements 0.96908
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12922
4
reference_url http://seclists.org/fulldisclosure/2019/Sep/23
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Sep/23
5
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
6
reference_url https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN
10
reference_url https://www.exploit-db.com/exploits/47385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/47385
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt
reference_id CVE-2019-12922
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12922
reference_id CVE-2019-12922
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12922
fixed_packages
0
url pkg:composer/phpmyadmin/phpmyadmin@4.9.1
purl pkg:composer/phpmyadmin/phpmyadmin@4.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-b2nf-6pr3-xqaa
3
vulnerability VCID-dx3h-z4dg-m3e1
4
vulnerability VCID-j2k3-xghw-gfb3
5
vulnerability VCID-kfr7-v6tb-eqau
6
vulnerability VCID-mzuh-5e5y-d3hr
7
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.1
1
url pkg:composer/phpmyadmin/phpmyadmin@5.0.0
purl pkg:composer/phpmyadmin/phpmyadmin@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2at1-y3qg-77fb
1
vulnerability VCID-32ja-yuuw-bbbh
2
vulnerability VCID-59mu-8aep-9ycn
3
vulnerability VCID-b2nf-6pr3-xqaa
4
vulnerability VCID-dx3h-z4dg-m3e1
5
vulnerability VCID-j2k3-xghw-gfb3
6
vulnerability VCID-m2g6-2ztp-tuam
7
vulnerability VCID-m3kq-1cfg-mkgc
8
vulnerability VCID-qmj2-pxvt-zqes
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0
aliases CVE-2019-12922, GHSA-4c9q-64gq-xhx4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6nk-akeh-4ufg
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0