Search for vulnerabilities
Vulnerability details: VCID-49vs-6j8s-pkey
Vulnerability ID VCID-49vs-6j8s-pkey
Aliases CVE-2015-6830
GHSA-v6fh-vg22-r6cm
Summary phpMyAdmin ReCaptcha bypass libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
epss 0.30434 https://api.first.org/data/v1/epss?cve=CVE-2015-6830
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v6fh-vg22-r6cm
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-6830
generic_textual MODERATE https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674
generic_textual MODERATE https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546
generic_textual MODERATE https://www.phpmyadmin.net/security/PMASA-2015-4
generic_textual MODERATE http://www.debian.org/security/2015/dsa-3382
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html
https://api.first.org/data/v1/epss?cve=CVE-2015-6830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873
https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d
https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e
https://nvd.nist.gov/vuln/detail/CVE-2015-6830
https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674
https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546
https://www.phpmyadmin.net/security/PMASA-2015-4
https://www.phpmyadmin.net/security/PMASA-2015-4/
http://www.debian.org/security/2015/dsa-3382
CVE-2015-6830 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/52414.py
GHSA-v6fh-vg22-r6cm https://github.com/advisories/GHSA-v6fh-vg22-r6cm
Data source Exploit-DB
Date added Aug. 18, 2025
Description PHPMyAdmin 3.0 - Bruteforce Login Bypass
Ransomware campaign use Unknown
Source publication date Aug. 18, 2025
Exploit type remote
Platform php
Source update date Aug. 18, 2025
Exploit Prediction Scoring System (EPSS)
Percentile 0.66734
EPSS Score 0.00544
Published At Aug. 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:10:29.379506+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v6fh-vg22-r6cm/GHSA-v6fh-vg22-r6cm.json 37.0.0