Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2k4p-dxku-97h1
Vulnerability ID VCID-2k4p-dxku-97h1
Aliases CVE-2009-3697
Summary SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2009-3697
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2009-3697
epss 0.02584 https://api.first.org/data/v1/epss?cve=CVE-2009-3697
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3697.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3697
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.85857
EPSS Score 0.02584
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:07:10.085064+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0