Vulnerability details: VCID-483d-rzve-uqae
Vulnerability ID VCID-483d-rzve-uqae
Aliases CVE-2009-1149, GHSA-xrpq-63mp-9vcw
Summary phpMyAdmin HTTP Response Splitting Vulnerability. CRLF injection vulnerability in `bs_disp_as_mime_type.php` in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) `c_type` and possibly (2) `file_type` parameters.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (4)
System Score Found at
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
generic_textual HIGH http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
epss 0.00715 https://api.first.org/data/v1/epss?cve=CVE-2009-1149
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-xrpq-63mp-9vcw
generic_textual HIGH https://github.com/phpmyadmin/composer
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/69bfbf11c7e9487dfa96293aaa797ff14bb513f0
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2009-1149
generic_textual HIGH http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.71456
EPSS Score 0.00715
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:11:02.566783+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xrpq-63mp-9vcw/GHSA-xrpq-63mp-9vcw.json 37.0.0