VulnerableCode Vulnerability Details - VCID-ttu4-gpng-rydg

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ttu4-gpng-rydg

Essentials
Severities (10)
References (11)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ttu4-gpng-rydg
Aliases	CVE-2009-1149 GHSA-xrpq-63mp-9vcw
Summary	Improper Input Validation CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

System	Score	Found at
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
generic_textual	HIGH	http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
epss	0.00715	https://api.first.org/data/v1/epss?cve=CVE-2009-1149
epss	0.00715	https://api.first.org/data/v1/epss?cve=CVE-2009-1149
epss	0.00715	https://api.first.org/data/v1/epss?cve=CVE-2009-1149
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-xrpq-63mp-9vcw
generic_textual	HIGH	https://github.com/phpmyadmin/composer
generic_textual	HIGH	https://github.com/phpmyadmin/phpmyadmin/commit/69bfbf11c7e9487dfa96293aaa797ff14bb513f0
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2009-1149
generic_textual	HIGH	http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
		http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1149.json
		https://api.first.org/data/v1/epss?cve=CVE-2009-1149
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1149
		https://github.com/phpmyadmin/composer
		https://github.com/phpmyadmin/phpmyadmin/commit/69bfbf11c7e9487dfa96293aaa797ff14bb513f0
		http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
492066		https://bugzilla.redhat.com/show_bug.cgi?id=492066
CVE-2009-1149		https://nvd.nist.gov/vuln/detail/CVE-2009-1149
GHSA-xrpq-63mp-9vcw		https://github.com/advisories/GHSA-xrpq-63mp-9vcw

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.72735
EPSS Score	0.00715
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:20.777316+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2009-1149.yml	38.6.0