Vulnerability details: VCID-fsw3-zq48-s3bh
Vulnerability ID VCID-fsw3-zq48-s3bh
Aliases CVE-2016-5701
GHSA-rh74-5835-jpxp
Summary phpMyAdmin vulnerable to Cross-site Scripting. setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3.1 6.1 http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
cvssv3.1 6.1 http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
epss 0.00442 https://api.first.org/data/v1/epss?cve=CVE-2016-5701
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2016-5701
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-rh74-5835-jpxp
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d
cvssv3.1 6.1 https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-5701
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-5701
cvssv3.1 6.1 https://security.gentoo.org/glsa/201701-32
generic_textual MODERATE https://security.gentoo.org/glsa/201701-32
cvssv3.1 6.1 https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383
generic_textual MODERATE https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383
cvssv3.1 6.1 https://www.phpmyadmin.net/security/PMASA-2016-17
generic_textual MODERATE https://www.phpmyadmin.net/security/PMASA-2016-17
cvssv3.1 6.1 http://www.debian.org/security/2016/dsa-3627
generic_textual MODERATE http://www.debian.org/security/2016/dsa-3627
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
https://api.first.org/data/v1/epss?cve=CVE-2016-5701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739
https://github.com/phpmyadmin/phpmyadmin
https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f
https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d
https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e
https://nvd.nist.gov/vuln/detail/CVE-2016-5701
https://security.gentoo.org/glsa/201701-32
https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383
https://www.phpmyadmin.net/security/PMASA-2016-17
http://www.debian.org/security/2016/dsa-3627
GHSA-rh74-5835-jpxp https://github.com/advisories/GHSA-rh74-5835-jpxp
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
Metric: possible values
Attack Vector (AV): network, adjacent_network, local, physical
Attack Complexity (AC): low, high
Privileges Required (PR): none, low, high
User Interaction (UI): none, required
Scope (S): unchanged, changed
Confidentiality Impact (C): high, low, none
Integrity Impact (I): high, low, none
Availability Impact (A): high, low, none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-5701
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://security.gentoo.org/glsa/201701-32
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.phpmyadmin.net/security/PMASA-2016-17
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.debian.org/security/2016/dsa-3627
Exploit Prediction Scoring System (EPSS)
Percentile 0.62392
EPSS Score 0.00442
Published At Sept. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:12:54.466164+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rh74-5835-jpxp/GHSA-rh74-5835-jpxp.json 37.0.0