VulnerableCode Package Details - pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B10

Search for packages

Vulnerability	Summary	Fixed by
VCID-drq8-z1qe-7ufh Aliases: CVE-2017-1000017 GHSA-99xj-xqc9-98hr	phpMyAdmin SSRF in replication phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server	4.6.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-g67g-ycx6-ebat Aliases: CVE-2017-18264 GHSA-5868-g58j-vrj5	An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.	4.7.0 Affected by 22 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.7.1 Affected by 21 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-drq8-z1qe-7ufh
Aliases:
CVE-2017-1000017
GHSA-99xj-xqc9-98hr

phpMyAdmin SSRF in replication phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server

4.6.6
Affected by 2 other vulnerabilities.

4.7.0
Affected by 22 other vulnerabilities.

VCID-g67g-ycx6-ebat
Aliases:
CVE-2017-18264
GHSA-5868-g58j-vrj5

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.

4.7.0
Affected by 22 other vulnerabilities.

4.7.1
Affected by 21 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-02T12:42:04.751528+00:00	GHSA Importer	Fixing	VCID-qu34-hevh-v3a9	https://github.com/advisories/GHSA-44vv-mm86-7cg6	37.0.0
2025-08-02T12:41:37.617999+00:00	GHSA Importer	Fixing	VCID-zxus-a2uc-aqe8	https://github.com/advisories/GHSA-9hrc-rwrq-v6mh	37.0.0
2025-08-02T12:41:37.587257+00:00	GHSA Importer	Fixing	VCID-7udu-bp8s-t7es	https://github.com/advisories/GHSA-5h5m-fj48-qpjw	37.0.0
2025-08-02T12:41:37.459138+00:00	GHSA Importer	Fixing	VCID-p8xn-tscc-4qhu	https://github.com/advisories/GHSA-3fgq-cmr4-97rr	37.0.0
2025-08-02T12:41:37.397117+00:00	GHSA Importer	Fixing	VCID-6j1s-geef-pfb6	https://github.com/advisories/GHSA-47qr-f86f-3wm4	37.0.0
2025-08-02T12:41:34.577909+00:00	GHSA Importer	Fixing	VCID-drq8-z1qe-7ufh	https://github.com/advisories/GHSA-99xj-xqc9-98hr	37.0.0
2025-07-31T12:33:25.028546+00:00	GHSA Importer	Affected by	VCID-g67g-ycx6-ebat	https://github.com/advisories/GHSA-5868-g58j-vrj5	37.0.0
2025-07-31T09:27:53.045076+00:00	GitLab Importer	Fixing	VCID-qu34-hevh-v3a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2016-6621.yml	37.0.0
2025-07-31T09:22:41.724460+00:00	GitLab Importer	Affected by	VCID-g67g-ycx6-ebat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-18264.yml	37.0.0
2025-07-31T09:21:57.687913+00:00	GitLab Importer	Affected by	VCID-drq8-z1qe-7ufh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2017-1000017.yml	37.0.0
2025-07-31T09:14:25.161737+00:00	GithubOSV Importer	Fixing	VCID-p8xn-tscc-4qhu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3fgq-cmr4-97rr/GHSA-3fgq-cmr4-97rr.json	37.0.0
2025-07-31T09:10:04.286634+00:00	GithubOSV Importer	Fixing	VCID-drq8-z1qe-7ufh	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-99xj-xqc9-98hr/GHSA-99xj-xqc9-98hr.json	37.0.0
2025-07-31T09:08:18.071731+00:00	GithubOSV Importer	Fixing	VCID-zxus-a2uc-aqe8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hrc-rwrq-v6mh/GHSA-9hrc-rwrq-v6mh.json	37.0.0
2025-07-31T09:08:03.046131+00:00	GithubOSV Importer	Fixing	VCID-6j1s-geef-pfb6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47qr-f86f-3wm4/GHSA-47qr-f86f-3wm4.json	37.0.0
2025-07-31T09:07:56.795926+00:00	GithubOSV Importer	Fixing	VCID-qu34-hevh-v3a9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-44vv-mm86-7cg6/GHSA-44vv-mm86-7cg6.json	37.0.0
2025-07-31T09:06:29.689845+00:00	GithubOSV Importer	Fixing	VCID-7udu-bp8s-t7es	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5h5m-fj48-qpjw/GHSA-5h5m-fj48-qpjw.json	37.0.0