Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/935250?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "phppgadmin", "version": "7.14.7+dfsg-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106999?format=api", "vulnerability_id": "VCID-2vh3-f3t5-vbbs", "summary": "Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via \"%2e%2e%2f\" (encoded dot dot) sequences in the formLanguage parameter.", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.94013", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93899", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93908", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.9392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93929", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93936", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93937", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93952", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93958", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.9396", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93969", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.9398", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.9399", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93995", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.12524", "scoring_system": "epss", "scoring_elements": "0.93999", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2256" }, { "reference_url": "http://secunia.com/advisories/15941", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/15941" }, { "reference_url": "http://secunia.com/advisories/16116", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/16116" }, { "reference_url": "http://securitytracker.com/id?1014414", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1014414" }, { "reference_url": "http://sourceforge.net/project/shownotes.php?release_id=342261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/project/shownotes.php?release_id=342261" }, { "reference_url": "http://www.debian.org/security/2005/dsa-759", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2005/dsa-759" }, { "reference_url": "http://www.securityfocus.com/bid/14142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/14142" }, { "reference_url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318284", "reference_id": "318284", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318284" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2256", "reference_id": "CVE-2005-2256", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2256" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/25938.txt", "reference_id": "CVE-2005-2256;OSVDB-17758", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/25938.txt" }, { "reference_url": "https://www.securityfocus.com/bid/14142/info", "reference_id": "CVE-2005-2256;OSVDB-17758", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/14142/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935252?format=api", "purl": "pkg:deb/debian/phppgadmin@3.5.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@3.5.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-2256" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vh3-f3t5-vbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/192338?format=api", "vulnerability_id": "VCID-3xbu-xm1n-ffa7", "summary": "phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, \"database.php\" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.6277", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62514", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62572", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62605", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62571", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62621", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62637", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62644", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62662", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.6267", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62652", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62664", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62679", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62677", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62628", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62676", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62728", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62687", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62713", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953945", "reference_id": "953945", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953945" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10784" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xbu-xm1n-ffa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/299272?format=api", "vulnerability_id": "VCID-4fqy-vu7b-5qaf", "summary": "phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87642", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.8761", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87488", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87491", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.8751", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87517", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87529", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87524", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87521", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87535", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87536", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87534", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.8755", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87557", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87556", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87569", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87583", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87601", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03455", "scoring_system": "epss", "scoring_elements": "0.87597", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40619" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053004", "reference_id": "1053004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053004" }, { "reference_url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619", "reference_id": "CVE-2023-40619", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-25T14:17:57Z/" } ], "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40619" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html", "reference_id": "msg00000.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-25T14:17:57Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00000.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-40619" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4fqy-vu7b-5qaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/109232?format=api", "vulnerability_id": "VCID-93va-4zq1-1qdw", "summary": "John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57242", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57265", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57296", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57309", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57297", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57293", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57272", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5722", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57244", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57223", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57174", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57218", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57281", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57229", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57254", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57319", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-2664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935251?format=api", "purl": "pkg:deb/debian/phppgadmin@4.0.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@4.0.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-2664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93va-4zq1-1qdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91601?format=api", "vulnerability_id": "VCID-bp2y-n3cz-x3ha", "summary": "The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64895", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64945", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64973", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65018", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65007", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.64979", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65015", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65025", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65031", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65041", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65022", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.6507", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65113", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65081", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65103", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00478", "scoring_system": "epss", "scoring_elements": "0.65159", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935254?format=api", "purl": "pkg:deb/debian/phppgadmin@5.1%2Bds-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@5.1%252Bds-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-4976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bp2y-n3cz-x3ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137760?format=api", "vulnerability_id": "VCID-hz8d-gsr1-7yfn", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72304", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7231", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72328", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72362", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72391", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.724", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72388", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72431", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.7244", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72436", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72428", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72458", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72483", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72446", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72472", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00715", "scoring_system": "epss", "scoring_elements": "0.72529", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3598" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644290", "reference_id": "644290", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644290" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935258?format=api", "purl": "pkg:deb/debian/phppgadmin@5.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@5.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3598" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz8d-gsr1-7yfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115896?format=api", "vulnerability_id": "VCID-phnq-kx6f-xbfh", "summary": "PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75787", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7579", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75823", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75802", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75835", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7587", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75851", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75882", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75886", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75871", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75909", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75918", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7593", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75937", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75967", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75991", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75975", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7599", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7604", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4618" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935253?format=api", "purl": "pkg:deb/debian/phppgadmin@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-4618" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phnq-kx6f-xbfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119490?format=api", "vulnerability_id": "VCID-qtxz-h9d1-f7fn", "summary": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.", "references": [ { "reference_url": "http://marc.info/?l=full-disclosure&m=117987658110713&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=full-disclosure&m=117987658110713&w=2" }, { "reference_url": "http://osvdb.org/38138", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/38138" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88987", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88841", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.8885", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88865", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.8889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88902", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88909", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88908", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88904", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88921", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88928", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.8893", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88938", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88954", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88965", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88959", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04312", "scoring_system": "epss", "scoring_elements": "0.88969", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2865" }, { "reference_url": "http://secunia.com/advisories/27756", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27756" }, { "reference_url": "http://secunia.com/advisories/33263", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33263" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1693" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html" }, { "reference_url": "http://www.securityfocus.com/bid/24115", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24115" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427151", "reference_id": "427151", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427151" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2865", "reference_id": "CVE-2007-2865", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2865" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30075.txt", "reference_id": "CVE-2007-2865;OSVDB-38138", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30075.txt" }, { "reference_url": "https://www.securityfocus.com/bid/24115/info", "reference_id": "CVE-2007-2865;OSVDB-38138", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/24115/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935255?format=api", "purl": "pkg:deb/debian/phppgadmin@4.1.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@4.1.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-2865" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtxz-h9d1-f7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139815?format=api", "vulnerability_id": "VCID-sffr-khyu-fyek", "summary": "Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1600", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.67932", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.67955", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.67974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.67953", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68004", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68017", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.6804", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68027", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.67992", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68029", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68042", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68025", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68068", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68077", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68083", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68056", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68098", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.6814", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68107", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68133", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.6819", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935259?format=api", "purl": "pkg:deb/debian/phppgadmin@5.0.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@5.0.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1600" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sffr-khyu-fyek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90751?format=api", "vulnerability_id": "VCID-t6jb-xrqa-ufbe", "summary": "phpPgAdmin: directory traversal flaw in libraries/lib.inc.php", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5587.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02153", "scoring_system": "epss", "scoring_elements": "0.84429", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02153", "scoring_system": "epss", "scoring_elements": "0.84397", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84712", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84713", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84742", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.8476", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84756", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84751", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84677", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84773", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84771", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84798", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84807", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84823", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84849", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84866", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84861", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84772", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02306", "scoring_system": "epss", "scoring_elements": "0.84692", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5587" }, { "reference_url": "http://secunia.com/advisories/33014", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33014" }, { "reference_url": "http://secunia.com/advisories/33263", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/33263" }, { "reference_url": "http://securityreason.com/securityalert/4737", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/4737" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47140" }, { "reference_url": "https://www.exploit-db.com/exploits/7363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/7363" }, { "reference_url": "http://www.debian.org/security/2008/dsa-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2008/dsa-1693" }, { "reference_url": "http://www.securityfocus.com/bid/32670", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/32670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=476823", "reference_id": "476823", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=476823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026", "reference_id": "508026", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5587", "reference_id": "CVE-2008-5587", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5587" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7363.txt", "reference_id": "OSVDB-50545;CVE-2008-5587", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/7363.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935257?format=api", "purl": "pkg:deb/debian/phppgadmin@4.2.1-1.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@4.2.1-1.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-5587" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6jb-xrqa-ufbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/121752?format=api", "vulnerability_id": "VCID-y196-3hd8-63e8", "summary": "Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66836", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66874", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66922", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66936", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66942", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66911", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66944", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66959", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66964", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66977", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66975", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66947", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.6699", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.67029", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.67002", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.67025", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.67089", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5728" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449103", "reference_id": "449103", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449103" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30090.txt", "reference_id": "CVE-2007-5728;OSVDB-36699", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/30090.txt" }, { "reference_url": "https://www.securityfocus.com/bid/24182/info", "reference_id": "CVE-2007-5728;OSVDB-36699", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/24182/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935256?format=api", "purl": "pkg:deb/debian/phppgadmin@4.1.3-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@4.1.3-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935250?format=api", "purl": "pkg:deb/debian/phppgadmin@7.14.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-5728" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y196-3hd8-63e8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/phppgadmin@7.14.7%252Bdfsg-1%3Fdistro=trixie" }