Vulnerability details: VCID-nmus-bk41-qfbq
Vulnerability ID VCID-nmus-bk41-qfbq
Aliases CVE-2016-1927
GHSA-4gmg-gwjh-3mmr
Summary phpMyAdmin Cryptographic Vulnerability The `suggestPassword` function in `js/functions.js` in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the `Math.random` JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
generic_textual HIGH http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
cvssv3.1 7.5 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
generic_textual HIGH http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
generic_textual HIGH http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
generic_textual HIGH http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
epss 0.00616 https://api.first.org/data/v1/epss?cve=CVE-2016-1927
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4gmg-gwjh-3mmr
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22
cvssv3.1 7.5 https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4
generic_textual HIGH https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-1927
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2016-1927
cvssv3.1 7.5 http://www.debian.org/security/2016/dsa-3627
generic_textual HIGH http://www.debian.org/security/2016/dsa-3627
cvssv3.1 7.5 http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php
generic_textual HIGH http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
https://api.first.org/data/v1/epss?cve=CVE-2016-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739
https://github.com/phpmyadmin/phpmyadmin
https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72
https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98
https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95
https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22
https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4
https://nvd.nist.gov/vuln/detail/CVE-2016-1927
http://www.debian.org/security/2016/dsa-3627
http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php
GHSA-4gmg-gwjh-3mmr https://github.com/advisories/GHSA-4gmg-gwjh-3mmr
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1927
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.debian.org/security/2016/dsa-3627
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php
Exploit Prediction Scoring System (EPSS)
Percentile 0.68964
EPSS Score 0.00616
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:07:18.913976+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4gmg-gwjh-3mmr/GHSA-4gmg-gwjh-3mmr.json 37.0.0