{"url":"http://public2.vulnerablecode.io/api/packages/76289?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.2","type":"composer","namespace":"phpmyadmin","name":"phpmyadmin","version":"4.9.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.11","latest_non_vulnerable_version":"5.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52411?format=json","vulnerability_id":"VCID-2at1-y3qg-77fb","summary":"Cross-site Scripting\nAn SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in `tbl_get_field.php` and `libraries/classes/Display/Results.php`). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10803","reference_id":"","reference_type":"","scores":[{"value":"0.02712","scoring_system":"epss","scoring_elements":"0.86212","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02712","scoring_system":"epss","scoring_elements":"0.86191","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-4"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-4/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-4/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666","reference_id":"954666","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10803","reference_id":"CVE-2020-10803","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10803"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76942?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63727?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-wdn3-x8u3-wycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2"}],"aliases":["CVE-2020-10803","GHSA-fcww-8wvc-38q9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2at1-y3qg-77fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52413?format=json","vulnerability_id":"VCID-32ja-yuuw-bbbh","summary":"SQL Injection\nAn SQL injection vulnerability was found in retrieval of the current username (in `libraries/classes/Server/Privileges.php` and `libraries/classes/UserPassword.php`). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10804","reference_id":"","reference_type":"","scores":[{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-2","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-2"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-2/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-2/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667","reference_id":"954667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10804","reference_id":"CVE-2020-10804","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10804"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76942?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63727?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-wdn3-x8u3-wycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2"}],"aliases":["CVE-2020-10804","GHSA-h65r-8fp8-w7cx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32ja-yuuw-bbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42167?format=json","vulnerability_id":"VCID-47ju-f89a-eud8","summary":"Improper Authentication\nAn issue was discovered in phpMyAdm. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23807","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34719","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34815","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23807"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32"},{"reference_url":"https://security.gentoo.org/glsa/202311-17","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202311-17"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2022-1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2022-1"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2022-1/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2022-1/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23807","reference_id":"CVE-2022-23807","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23807"},{"reference_url":"https://github.com/advisories/GHSA-8wf2-3ggj-78q9","reference_id":"GHSA-8wf2-3ggj-78q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wf2-3ggj-78q9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60260?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/63726?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60257?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2"}],"aliases":["CVE-2022-23807","GHSA-8wf2-3ggj-78q9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47ju-f89a-eud8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98196?format=json","vulnerability_id":"VCID-7vpu-x9mb-q3c6","summary":"In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5504","reference_id":"","reference_type":"","scores":[{"value":"0.10648","scoring_system":"epss","scoring_elements":"0.93435","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2219","scoring_system":"epss","scoring_elements":"0.95911","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504"},{"reference_url":"https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml"},{"reference_url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5504","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5504"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718","reference_id":"948718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt","reference_id":"CVE-2020-5504","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52451.txt"},{"reference_url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6","reference_id":"GHSA-fgj8-93xx-f6g6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150171?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/150172?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.1"}],"aliases":["CVE-2020-5504","GHSA-fgj8-93xx-f6g6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vpu-x9mb-q3c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53708?format=json","vulnerability_id":"VCID-b2nf-6pr3-xqaa","summary":"SQL Injection\nAn issue was discovered in SearchController in phpMyAdmin. An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://advisory.checkmarx.net/advisory/CX-2020-4281","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://advisory.checkmarx.net/advisory/CX-2020-4281"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26935","reference_id":"","reference_type":"","scores":[{"value":"0.89641","scoring_system":"epss","scoring_elements":"0.99579","published_at":"2026-06-04T12:55:00Z"},{"value":"0.89641","scoring_system":"epss","scoring_elements":"0.99581","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5"},{"reference_url":"https://security.gentoo.org/glsa/202101-35","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202101-35"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-6"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-6/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-6/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000","reference_id":"972000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26935","reference_id":"CVE-2020-26935","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26935"},{"reference_url":"https://github.com/advisories/GHSA-7ff4-cv53-4cjq","reference_id":"GHSA-7ff4-cv53-4cjq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ff4-cv53-4cjq"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78928?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/78929?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3"}],"aliases":["CVE-2020-26935","GHSA-7ff4-cv53-4cjq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2nf-6pr3-xqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42612?format=json","vulnerability_id":"VCID-d3qn-js1p-7yeq","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nPhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0813","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55092","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5515","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202311-17","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202311-17"},{"reference_url":"https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information","reference_id":"","reference_type":"","scores":[],"url":"https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information"},{"reference_url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released"},{"reference_url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0813","reference_id":"CVE-2022-0813","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0813"},{"reference_url":"https://github.com/advisories/GHSA-vx8q-j7h9-vf6q","reference_id":"GHSA-vx8q-j7h9-vf6q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vx8q-j7h9-vf6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60257?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/148443?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.1.3"}],"aliases":["CVE-2022-0813","GHSA-vx8q-j7h9-vf6q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3qn-js1p-7yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52410?format=json","vulnerability_id":"VCID-dx3h-z4dg-m3e1","summary":"SQL Injection\nIn phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in `libraries/classes/Controllers/Table/TableSearchController.php`. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10802","reference_id":"","reference_type":"","scores":[{"value":"0.01229","scoring_system":"epss","scoring_elements":"0.79522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01229","scoring_system":"epss","scoring_elements":"0.79495","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-3","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-3"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-3/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-3/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665","reference_id":"954665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10802","reference_id":"CVE-2020-10802","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10802"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76942?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/63727?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"},{"vulnerability":"VCID-wdn3-x8u3-wycp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.2"}],"aliases":["CVE-2020-10802","GHSA-f4cr-3xmc-2wpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx3h-z4dg-m3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53759?format=json","vulnerability_id":"VCID-j2k3-xghw-gfb3","summary":"Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin may allow CSV injection via Export Section. NOTE: the vendor disputes this because \"the CSV file is accurately generated based on the database contents\".","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22278","reference_id":"","reference_type":"","scores":[{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.6157","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00409","scoring_system":"epss","scoring_elements":"0.61619","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22278"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22278","reference_id":"CVE-2020-22278","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78929?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3"}],"aliases":["CVE-2020-22278"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2k3-xghw-gfb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44442?format=json","vulnerability_id":"VCID-m3kq-1cfg-mkgc","summary":"Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin\nIn phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25727","reference_id":"","reference_type":"","scores":[{"value":"0.09658","scoring_system":"epss","scoring_elements":"0.93059","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09658","scoring_system":"epss","scoring_elements":"0.93048","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25727"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2023-1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2023-1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25727","reference_id":"CVE-2023-25727","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25727"},{"reference_url":"https://github.com/advisories/GHSA-6hr3-44gx-g6wh","reference_id":"GHSA-6hr3-44gx-g6wh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6hr3-44gx-g6wh"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2023-1/","reference_id":"PMASA-2023-1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:52:37Z/"}],"url":"https://www.phpmyadmin.net/security/PMASA-2023-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63922?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/63923?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.2.1"}],"aliases":["CVE-2023-25727","GHSA-6hr3-44gx-g6wh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kq-1cfg-mkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53706?format=json","vulnerability_id":"VCID-qmj2-pxvt-zqes","summary":"Cross-site Scripting\nphpMyAdmin allows XSS through the transformation feature via a crafted link.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26934","reference_id":"","reference_type":"","scores":[{"value":"0.02788","scoring_system":"epss","scoring_elements":"0.86377","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02788","scoring_system":"epss","scoring_elements":"0.86354","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26934"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5"},{"reference_url":"https://security.gentoo.org/glsa/202101-35","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202101-35"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2020-5"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2020-5/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2020-5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999","reference_id":"971999","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26934","reference_id":"CVE-2020-26934","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26934"},{"reference_url":"https://github.com/advisories/GHSA-6349-53vr-7hcr","reference_id":"GHSA-6349-53vr-7hcr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6349-53vr-7hcr"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78928?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/78929?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.3"}],"aliases":["CVE-2020-26934","GHSA-6349-53vr-7hcr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmj2-pxvt-zqes"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52056?format=json","vulnerability_id":"VCID-kfr7-v6tb-eqau","summary":"SQL Injection\nA crafted database/table name can be used to trigger a SQL injection attack through the designer feature.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18622","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68544","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68503","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622"},{"reference_url":"https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/"},{"reference_url":"https://security.gentoo.org/glsa/202003-39","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202003-39"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/security/PMASA-2019-5"},{"reference_url":"https://www.phpmyadmin.net/security/PMASA-2019-5/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/security/PMASA-2019-5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349","reference_id":"945349","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18622","reference_id":"CVE-2019-18622","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18622"},{"reference_url":"https://github.com/advisories/GHSA-jgjc-332c-8cmc","reference_id":"GHSA-jgjc-332c-8cmc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jgjc-332c-8cmc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76289?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/63726?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-59mu-8aep-9ycn"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m2g6-2ztp-tuam"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@5.0.0"}],"aliases":["CVE-2019-18622","GHSA-jgjc-332c-8cmc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfr7-v6tb-eqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52077?format=json","vulnerability_id":"VCID-mzuh-5e5y-d3hr","summary":"Improper Neutralization of Escape, Meta, or Control Sequences\nphpMyAdmin does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php` and `libraries/classes/Footer.php`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19617","reference_id":"","reference_type":"","scores":[{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77304","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00997","scoring_system":"epss","scoring_elements":"0.77333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19617"},{"reference_url":"https://github.com/phpmyadmin/composer","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/composer"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9"},{"reference_url":"https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html"},{"reference_url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released"},{"reference_url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/","reference_id":"","reference_type":"","scores":[],"url":"https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19617","reference_id":"CVE-2019-19617","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19617"},{"reference_url":"https://usn.ubuntu.com/4639-1/","reference_id":"USN-4639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4639-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4843-1/","reference_id":"USN-USN-4843-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4843-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76289?format=json","purl":"pkg:composer/phpmyadmin/phpmyadmin@4.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2at1-y3qg-77fb"},{"vulnerability":"VCID-32ja-yuuw-bbbh"},{"vulnerability":"VCID-47ju-f89a-eud8"},{"vulnerability":"VCID-7vpu-x9mb-q3c6"},{"vulnerability":"VCID-b2nf-6pr3-xqaa"},{"vulnerability":"VCID-d3qn-js1p-7yeq"},{"vulnerability":"VCID-dx3h-z4dg-m3e1"},{"vulnerability":"VCID-j2k3-xghw-gfb3"},{"vulnerability":"VCID-m3kq-1cfg-mkgc"},{"vulnerability":"VCID-qmj2-pxvt-zqes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2"}],"aliases":["CVE-2019-19617","GHSA-pgph-mc4p-f8c3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzuh-5e5y-d3hr"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.9.2"}