{"id":670138,"name":"phpmyadmin/phpmyadmin","ecosystem":"packagist","description":"A web interface for MySQL and MariaDB","homepage":"https://www.phpmyadmin.net/","licenses":"GPL-2.0-only","normalized_licenses":["GPL-2.0-only"],"repository_url":"https://github.com/phpmyadmin/composer","keywords_array":["mysql","web","phpmyadmin"],"namespace":"phpmyadmin","versions_count":67,"first_release_published_at":"2019-07-09T22:00:38.000Z","latest_release_published_at":"2025-10-08T07:51:51.000Z","latest_release_number":"5.2.3","last_synced_at":"2026-04-04T09:52:10.653Z","created_at":"2022-04-07T10:42:09.753Z","updated_at":"2026-04-04T19:15:17.634Z","registry_url":"https://packagist.org/packages/phpmyadmin/phpmyadmin#","install_command":"composer require phpmyadmin/phpmyadmin","documentation_url":null,"metadata":{"funding":[{"url":"https://www.phpmyadmin.net/donate/","type":"custom"}]},"repo_metadata":{"id":41092982,"uuid":"91452124","full_name":"phpmyadmin/composer","owner":"phpmyadmin","description":"Read only composer repository for phpMyAdmin","archived":false,"fork":false,"pushed_at":"2026-03-29T22:02:09.000Z","size":2341143,"stargazers_count":15,"open_issues_count":0,"forks_count":11,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-03-30T01:38:32.273Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://packagist.org/packages/phpmyadmin/phpmyadmin","language":"PHP","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phpmyadmin.png","metadata":{"files":{"readme":"README","changelog":"CHANGELOG-6.0.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.rst","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":"DCO","cla":null},"funding":{"custom":"https://www.phpmyadmin.net/donate/"}},"created_at":"2017-05-16T11:46:38.000Z","updated_at":"2026-03-29T22:02:17.000Z","dependencies_parsed_at":"2024-06-18T18:18:51.155Z","dependency_job_id":"b7f69577-f2d0-4083-bd75-c95e9cf32c0c","html_url":"https://github.com/phpmyadmin/composer","commit_stats":null,"previous_names":[],"tags_count":67,"template":false,"template_full_name":null,"purl":"pkg:github/phpmyadmin/composer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phpmyadmin","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31216808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-30T15:24:02.938Z","status":"ssl_error","status_checked_at":"2026-03-30T15:23:44.804Z","response_time":138,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"phpmyadmin","name":"phpMyAdmin","uuid":"1351977","kind":"organization","description":"We're building phpMyAdmin, the most used MySQL management tool.","email":"developers@phpmyadmin.net","website":"https://www.phpmyadmin.net/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/1351977?v=4","repositories_count":18,"last_synced_at":"2024-03-25T23:08:59.325Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/phpmyadmin","funding_links":[],"total_stars":8494,"followers":301,"following":0,"created_at":"2022-11-02T20:37:54.186Z","updated_at":"2024-03-25T23:09:00.639Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phpmyadmin","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phpmyadmin/repositories"},"tags":[{"name":"5.2.3","sha":"ffb18e81197430a8a18475f6d104a3913521c985","kind":"tag","published_at":"2025-10-08T07:51:51.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.2.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.3/manifests"},{"name":"5.2.2","sha":"2d78524e9c3c7c54dd780a7298cad0c6cf1d610e","kind":"tag","published_at":"2025-01-21T21:08:34.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.2.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.2/manifests"},{"name":"5.2.1","sha":"102f361e20aa9e769e66095ce4f9ed3f3cb8f052","kind":"tag","published_at":"2023-02-08T23:05:00.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.2.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.1/manifests"},{"name":"4.9.11","sha":"caa35f41fba324f6daa8fec8b5bea541ee3fc72d","kind":"tag","published_at":"2023-02-08T23:04:01.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.11","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.11/manifests"},{"name":"5.2.0","sha":"943ebb9197689e11facde883ca7896c14b5f5442","kind":"tag","published_at":"2022-05-11T22:05:01.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.2.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.2.0/manifests"},{"name":"5.1.4","sha":"506bb6105e581f59f9628c987d92a9494212f52e","kind":"tag","published_at":"2022-05-11T22:04:00.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.1.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.4/manifests"},{"name":"5.1.3","sha":"c295817cb1e09df525c6f9be411c53fca35a7a4a","kind":"tag","published_at":"2022-02-11T23:03:30.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.1.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.3/manifests"},{"name":"4.9.10","sha":"4f3effc173e215a65b5f073a0450fee7df4b902b","kind":"tag","published_at":"2022-02-11T23:02:52.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.10","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.10/manifests"},{"name":"4.9.9","sha":"a6e4ee876258ff4d8baf3948215a36c77faf6d90","kind":"tag","published_at":"2022-02-09T15:51:10.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.9","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.9/manifests"},{"name":"4.9.8","sha":"6e497ee8dc8b60f5d8e17fe45524968b32984ff1","kind":"tag","published_at":"2022-02-09T15:51:01.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.8","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.8/manifests"},{"name":"5.1.1","sha":"ecd6bdfe6c017c3c885e1963b3043bb83c3bef24","kind":"tag","published_at":"2022-02-08T15:29:50.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.1.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.1/manifests"},{"name":"5.1.2","sha":"9336931e354dfa1bed11418798b939d197f0c3c0","kind":"tag","published_at":"2022-02-08T15:05:37.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.1.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.2/manifests"},{"name":"5.1.0","sha":"16664b2ddf4bf469d9cb9d04ea69a2c8cbe5db0e","kind":"tag","published_at":"2021-06-04T22:56:41.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.1.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.1.0/manifests"},{"name":"5.0.4","sha":"0e285454ecb52dfe1dcbf88311324c2232630c3c","kind":"tag","published_at":"2020-10-15T23:32:14.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.0.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.4/manifests"},{"name":"5.0.3","sha":"8a33e56bb71f045740e86d38fd5082868b86077e","kind":"tag","published_at":"2020-10-15T23:32:00.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.0.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.3/manifests"},{"name":"4.9.7","sha":"bafd400a2aa5d18995ce6c9b7ca26f98dfebefca","kind":"tag","published_at":"2020-10-15T23:31:45.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.7","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.7/manifests"},{"name":"4.9.6","sha":"4b568184ebcbf895b830bd07c1873a3989a5fb26","kind":"tag","published_at":"2020-10-15T23:31:34.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.6","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.6/manifests"},{"name":"5.0.2","sha":"1fe2977bb2f6a537e2f70b81c43715047ba39f49","kind":"tag","published_at":"2020-03-21T23:01:49.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.0.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.2/manifests"},{"name":"4.9.5","sha":"fefecf2977988faec3492a6df2d7884c9f3b0bb2","kind":"tag","published_at":"2020-03-21T23:01:26.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.5","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.5/manifests"},{"name":"5.0.1","sha":"075f0330c4d826ec8fb143701f9919392a512605","kind":"tag","published_at":"2020-01-13T23:44:24.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.0.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.1/manifests"},{"name":"4.9.4","sha":"b6eb6784b49ebbcd8fb638be273ee79544f181e0","kind":"tag","published_at":"2020-01-13T23:44:04.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.4/manifests"},{"name":"5.0.0","sha":"907ee25ad1cacd270389a17e05b9b61d8261c3c1","kind":"tag","published_at":"2019-12-28T04:22:02.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.0.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.0/manifests"},{"name":"5.0.0.1","sha":"907ee25ad1cacd270389a17e05b9b61d8261c3c1","kind":"tag","published_at":"2019-12-28T04:19:37.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/5.0.0.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/5.0.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@5.0.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/5.0.0.1/manifests"},{"name":"4.9.3","sha":"30c23e771f4a94a056545c1980e4be7a7ab291e0","kind":"tag","published_at":"2019-12-26T23:00:55.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.3/manifests"},{"name":"4.9.2","sha":"2f60b3e75e5b7520506e98d18ce2d5973dc551c1","kind":"tag","published_at":"2019-12-03T00:26:29.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.2/manifests"},{"name":"4.9.1","sha":"d8d92e44bcef1a942513ee57358b4f39fe82bc2a","kind":"tag","published_at":"2019-09-21T22:01:14.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.1/manifests"},{"name":"4.0.9","sha":"b715db25f581799cb1b4722b5cd7e41b8958cdf2","kind":"tag","published_at":"2019-07-09T22:04:49.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.9","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.9/manifests"},{"name":"4.0.8","sha":"8e0eb1b6f8a2791dd6dac5c29129d99b49f08886","kind":"tag","published_at":"2019-07-09T22:04:38.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.8","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.8/manifests"},{"name":"4.0.7","sha":"149d9b23e421ed8a25fcf9e7afca447cbc565a2b","kind":"tag","published_at":"2019-07-09T22:04:27.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.7","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.7/manifests"},{"name":"4.0.6","sha":"6e5e9445b5176e0c9be77ef0c35aa9bd8c70122f","kind":"tag","published_at":"2019-07-09T22:04:15.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.6","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.6/manifests"},{"name":"4.0.5","sha":"81f2c422c097edb85c1ed7b2515228224a890773","kind":"tag","published_at":"2019-07-09T22:04:02.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.5","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.5/manifests"},{"name":"4.0.4.2","sha":"4b14d8ce9ba1f5c8dda6385b216712d91500feeb","kind":"tag","published_at":"2019-07-09T22:03:52.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.4.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.4.2/manifests"},{"name":"4.0.4.1","sha":"e2c1e787aa63d75512816f0d9e12c34e4f581713","kind":"tag","published_at":"2019-07-09T22:03:41.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.4.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.4.1/manifests"},{"name":"4.0.4","sha":"8cd64e63dac73f1d522e23bd39c0785baa5beba8","kind":"tag","published_at":"2019-07-09T22:03:31.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.4/manifests"},{"name":"4.0.3","sha":"f6c578dfb3120e94c92f73a8d873ec24c4cb51ec","kind":"tag","published_at":"2019-07-09T22:03:20.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.3/manifests"},{"name":"4.0.2","sha":"64aa8bd8bfc0217ec0d7e10a1c4b19ec94326b4c","kind":"tag","published_at":"2019-07-09T22:03:09.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.2/manifests"},{"name":"4.0.10.9","sha":"dc207fcaefe71362c9656e49f137ddd0474c489c","kind":"tag","published_at":"2019-07-09T22:02:56.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.9","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.9/manifests"},{"name":"4.0.10.8","sha":"6fc082ba28601c2d26eb537c79b8cd2ee46d8aa3","kind":"tag","published_at":"2019-07-09T22:02:46.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.8","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.8/manifests"},{"name":"4.0.10.7","sha":"a072ef610e4b60138bf0670145beabe07c59ef0a","kind":"tag","published_at":"2019-07-09T22:02:31.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.7","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.7/manifests"},{"name":"4.0.10.6","sha":"43be15ccba033d9a07c0b4e1ac28397d0efe6bca","kind":"tag","published_at":"2019-07-09T22:02:16.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.6","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.6/manifests"},{"name":"4.0.10.5","sha":"e443f2c241eeff1d90ee965f2a084ec969b80561","kind":"tag","published_at":"2019-07-09T22:02:05.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.5","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.5/manifests"},{"name":"4.0.10.4","sha":"0d8b92ef4d857d5837af246022db8ffe920d2d7d","kind":"tag","published_at":"2019-07-09T22:01:53.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.4/manifests"},{"name":"4.0.10.3","sha":"0d37d57f3bcd6cb70d69296a022320626e5471b7","kind":"tag","published_at":"2019-07-09T22:01:39.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.3/manifests"},{"name":"4.0.10.2","sha":"232a1554ea6f33e4c002d0f901be5ebec6920007","kind":"tag","published_at":"2019-07-09T22:01:27.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.2/manifests"},{"name":"4.0.10.1","sha":"5baa01071317659addbf99352a9b6db79292cdea","kind":"tag","published_at":"2019-07-09T22:01:15.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10.1/manifests"},{"name":"4.0.10","sha":"45eb764127da189fd72f763038f0e57d5f2dd95c","kind":"tag","published_at":"2019-07-09T22:01:01.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.10","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.10/manifests"},{"name":"4.0.1","sha":"a9e1284c4202b689914530f12e65735f79c63073","kind":"tag","published_at":"2019-07-09T22:00:49.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.1/manifests"},{"name":"4.0.0","sha":"95e51a860e5d1303986ca0d3c5d7ee3fbbc4923b","kind":"tag","published_at":"2019-07-09T22:00:39.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.0.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.0.0/manifests"},{"name":"4.9.0.1","sha":"c9ca6eb4fb65fee331ade214e65e9554ccac43f6","kind":"tag","published_at":"2019-06-04T22:01:20.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.0.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.0.1/manifests"},{"name":"4.9.0","sha":"c1eec94dbb70359b2b8e00a54744d5a7ddb5ce93","kind":"tag","published_at":"2019-06-04T22:01:05.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.9.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.9.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.9.0/manifests"},{"name":"4.8.5","sha":"d06f08515b3c24c2453fab729cfda04748a87169","kind":"tag","published_at":"2019-01-26T23:00:48.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.5","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.5/manifests"},{"name":"4.8.4","sha":"e4dabe76d916a4bf7762f4bfbdda367a078686b6","kind":"tag","published_at":"2018-12-11T23:00:43.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.4/manifests"},{"name":"4.8.3","sha":"2e072179e00a7285dbc6c3a702f33dafd5b6be97","kind":"tag","published_at":"2018-08-22T22:00:45.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.3/manifests"},{"name":"4.8.2","sha":"a8cc95a806caf207591e23517e1a6ce579f24ce3","kind":"tag","published_at":"2018-06-21T22:00:47.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.2/manifests"},{"name":"4.8.1","sha":"921fd523f5387004a73f62b027c1bd620da437c1","kind":"tag","published_at":"2018-05-25T22:00:41.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.1/manifests"},{"name":"4.8.0.1","sha":"745cb01ff1e58abf375d627c3d1187cfa11893f2","kind":"tag","published_at":"2018-04-20T00:30:22.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.0.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.0.1/manifests"},{"name":"4.8.0","sha":"eb59731398d810158334c0b538cf192275ae2af1","kind":"tag","published_at":"2018-04-18T18:49:00.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.8.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.8.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.8.0/manifests"},{"name":"4.7.9","sha":"922340556cb2b45e2067b07af2b6242bab4d56c6","kind":"tag","published_at":"2018-03-05T23:00:46.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.9","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.9/manifests"},{"name":"4.7.8","sha":"e371a72f8f99c58a0d4d8e5c096d15a10fe887e7","kind":"tag","published_at":"2018-02-22T07:39:14.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.8","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.8/manifests"},{"name":"4.7.7","sha":"2266166b62f1f9b9e0ded2bf618de8f444de2bb5","kind":"tag","published_at":"2017-12-23T23:03:07.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.7","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.7/manifests"},{"name":"4.7.6","sha":"2d57fe28bae85daf0c384fad50b6bbae8cb6b13d","kind":"tag","published_at":"2017-12-01T09:45:47.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.6","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.6/manifests"},{"name":"4.7.5","sha":"b74fb121a86ab2c3a12556b298c115906740b5ce","kind":"tag","published_at":"2017-11-13T11:20:21.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.5","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.5/manifests"},{"name":"4.7.4","sha":"cda5a96cf4544e454d7ae0720638b6a6add1e93e","kind":"tag","published_at":"2017-08-25T22:10:50.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.4","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.4/manifests"},{"name":"4.7.3","sha":"c347fc60e56cfb8a15b0f5ccdfb5c2b2f3c8408e","kind":"tag","published_at":"2017-07-20T21:14:02.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.3","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.3/manifests"},{"name":"4.7.2","sha":"72000dad128331d1e0ab7a4cc9d66c9816eb72cc","kind":"tag","published_at":"2017-07-17T15:19:01.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.2","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.2/manifests"},{"name":"4.7.1","sha":"bd9902bad1270bfd0c6f26db42f6ac57f89076e9","kind":"tag","published_at":"2017-05-31T22:02:30.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.1","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.1/manifests"},{"name":"4.7.0","sha":"a2b59c0367b9ea4de6d6b81c2817cdcb386de13d","kind":"tag","published_at":"2017-05-16T12:17:13.000Z","download_url":"https://codeload.github.com/phpmyadmin/composer/tar.gz/4.7.0","html_url":"https://github.com/phpmyadmin/composer/releases/tag/4.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/phpmyadmin/composer@4.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/tags/4.7.0/manifests"}]},"repo_metadata_updated_at":"2026-04-04T10:25:01.617Z","dependent_packages_count":4,"downloads":379279,"downloads_period":"total","dependent_repos_count":15,"rankings":{"downloads":2.0479485391149894,"dependent_repos_count":3.0851250658571465,"dependent_packages_count":3.7407328424300967,"stargazers_count":8.444576039826563,"forks_count":3.587775915200305,"docker_downloads_count":null,"average":4.18123168048582},"purl":"pkg:composer/phpmyadmin/phpmyadmin","advisories":[{"uuid":"GSA_kwCzR0hTQS0yMjJ2LWN4MmMtcTJmNc4ABDu_","url":"https://github.com/advisories/GHSA-222v-cx2c-q2f5","title":"phpMyAdmin XSS when checking tables","description":"An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-01-23T06:31:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-24530","https://www.phpmyadmin.net/security/PMASA-2025-1","https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7","https://lists.debian.org/debian-lts-announce/2025/04/msg00016.html","https://github.com/advisories/GHSA-222v-cx2c-q2f5"],"source_kind":"github","identifiers":["GHSA-222v-cx2c-q2f5","CVE-2025-24530"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2025-01-23T18:09:10.413Z","updated_at":"2026-04-04T19:04:04.880Z","epss_percentage":0.00196,"epss_percentile":0.41541,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMjJ2LWN4MmMtcTJmNc4ABDu_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yMjJ2LWN4MmMtcTJmNc4ABDu_","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.2.2","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.2.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMjJ2LWN4MmMtcTJmNc4ABDu_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02aHIzLTQ0Z3gtZzZ3aM4AAxks","url":"https://github.com/advisories/GHSA-6hr3-44gx-g6wh","title":"Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin","description":"In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-02-13T06:30:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-25727","https://github.com/phpmyadmin/phpmyadmin/commit/53f70fd7f3b388639922e6cc1ca51fbe890c91cc","https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e","https://www.phpmyadmin.net/security/PMASA-2023-1","https://github.com/advisories/GHSA-6hr3-44gx-g6wh"],"source_kind":"github","identifiers":["GHSA-6hr3-44gx-g6wh","CVE-2023-25727"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-02-14T01:03:01.654Z","updated_at":"2026-04-04T19:08:05.453Z","epss_percentage":0.11079,"epss_percentile":0.93312,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aHIzLTQ0Z3gtZzZ3aM4AAxks","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02aHIzLTQ0Z3gtZzZ3aM4AAxks","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.2.1","vulnerable_version_range":"\u003e= 5.0, \u003c 5.2.1"},{"first_patched_version":"4.9.11","vulnerable_version_range":"\u003e= 4.3.0, \u003c 4.9.11"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02aHIzLTQ0Z3gtZzZ3aM4AAxks/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE","url":"https://github.com/advisories/GHSA-prcg-mc23-hgjh","title":"phpmyadmin contains SQL Injection vulnerability","description":"SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.0.2 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2023-01-26T21:30:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-22452","https://github.com/phpmyadmin/phpmyadmin/issues/15898","https://github.com/phpmyadmin/phpmyadmin/pull/16004","https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb","https://github.com/advisories/GHSA-prcg-mc23-hgjh"],"source_kind":"github","identifiers":["GHSA-prcg-mc23-hgjh","CVE-2020-22452"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-02-02T23:03:01.384Z","updated_at":"2026-04-04T19:10:22.429Z","epss_percentage":0.03245,"epss_percentile":0.86846,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.2","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u","url":"https://github.com/advisories/GHSA-4c9q-64gq-xhx4","title":"phpMyAdmin Cross-Site Request Forgery (CSRF)","description":"A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-24T22:00:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-12922","https://www.exploit-db.com/exploits/47385","http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html","http://seclists.org/fulldisclosure/2019/Sep/23","https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161","https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN","https://github.com/advisories/GHSA-4c9q-64gq-xhx4"],"source_kind":"github","identifiers":["GHSA-4c9q-64gq-xhx4","CVE-2019-12922"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.597Z","updated_at":"2026-04-04T19:06:13.976Z","epss_percentage":0.4225,"epss_percentile":0.9737,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.9.1","vulnerable_version_range":"\u003c= 4.9.0.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03ZmY0LWN2NTMtNGNqcc4AAmL9","url":"https://github.com/advisories/GHSA-7ff4-cv53-4cjq","title":"phpMyAdmin SQL injection vulnerability","description":"An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-24T17:30:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-26935","https://advisory.checkmarx.net/advisory/CX-2020-4281","https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","https://security.gentoo.org/glsa/202101-35","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","https://www.phpmyadmin.net/security/PMASA-2020-6","https://github.com/advisories/GHSA-7ff4-cv53-4cjq"],"source_kind":"github","identifiers":["GHSA-7ff4-cv53-4cjq","CVE-2020-26935"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.500Z","updated_at":"2026-04-04T19:06:13.965Z","epss_percentage":0.91523,"epss_percentile":0.99661,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZmY0LWN2NTMtNGNqcc4AAmL9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03ZmY0LWN2NTMtNGNqcc4AAmL9","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.3","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.3"},{"first_patched_version":"4.9.6","vulnerable_version_range":"\u003e= 4.9.0, \u003c 4.9.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZmY0LWN2NTMtNGNqcc4AAmL9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02MzQ5LTUzdnItN2hjcs4AAmMK","url":"https://github.com/advisories/GHSA-6349-53vr-7hcr","title":"phpMyAdmin Cross-site Scripting (XSS)","description":"phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-24T17:30:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-26934","https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","https://security.gentoo.org/glsa/202101-35","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5","https://www.phpmyadmin.net/security/PMASA-2020-5","https://github.com/advisories/GHSA-6349-53vr-7hcr"],"source_kind":"github","identifiers":["GHSA-6349-53vr-7hcr","CVE-2020-26934"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.532Z","updated_at":"2026-04-04T19:06:13.969Z","epss_percentage":0.02788,"epss_percentile":0.85638,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MzQ5LTUzdnItN2hjcs4AAmMK","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02MzQ5LTUzdnItN2hjcs4AAmMK","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.3","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.3"},{"first_patched_version":"4.9.6","vulnerable_version_range":"\u003e= 4.9.0, \u003c 4.9.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MzQ5LTUzdnItN2hjcs4AAmMK/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oNjVyLThmcDgtdzdjeM4AAj_M","url":"https://github.com/advisories/GHSA-h65r-8fp8-w7cx","title":"phpMyAdmin SQL Injection","description":"In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-24T17:12:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-10804","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10804.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","https://www.phpmyadmin.net/security/PMASA-2020-2","https://github.com/advisories/GHSA-h65r-8fp8-w7cx"],"source_kind":"github","identifiers":["GHSA-h65r-8fp8-w7cx","CVE-2020-10804"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:05.242Z","updated_at":"2026-04-04T19:06:12.251Z","epss_percentage":0.02444,"epss_percentile":0.8492,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNjVyLThmcDgtdzdjeM4AAj_M","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oNjVyLThmcDgtdzdjeM4AAj_M","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.2","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.2"},{"first_patched_version":"4.9.5","vulnerable_version_range":"\u003e= 4.9.0, \u003c 4.9.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNjVyLThmcDgtdzdjeM4AAj_M/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mY3d3LTh3dmMtMzhxOc4AAj_R","url":"https://github.com/advisories/GHSA-fcww-8wvc-38q9","title":"phpMyAdmin SQL injection vulnerability","description":"In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-24T17:12:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-10803","https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10803.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","https://www.phpmyadmin.net/security/PMASA-2020-4","https://github.com/advisories/GHSA-fcww-8wvc-38q9"],"source_kind":"github","identifiers":["GHSA-fcww-8wvc-38q9","CVE-2020-10803"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:05.276Z","updated_at":"2026-04-04T19:06:12.252Z","epss_percentage":0.03554,"epss_percentile":0.875,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mY3d3LTh3dmMtMzhxOc4AAj_R","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mY3d3LTh3dmMtMzhxOc4AAj_R","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.2","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.2"},{"first_patched_version":"4.9.5","vulnerable_version_range":"\u003e= 3.4, \u003c 4.9.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mY3d3LTh3dmMtMzhxOc4AAj_R/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mNGNyLTN4bWMtMndwbc4AAj_F","url":"https://github.com/advisories/GHSA-f4cr-3xmc-2wpm","title":"phpMyAdmin SQL injection vulnerability","description":"In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-24T17:12:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-10802","https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html","https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO","https://www.phpmyadmin.net/security/PMASA-2020-3","https://github.com/advisories/GHSA-f4cr-3xmc-2wpm"],"source_kind":"github","identifiers":["GHSA-f4cr-3xmc-2wpm","CVE-2020-10802"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:05.303Z","updated_at":"2026-04-04T19:06:12.253Z","epss_percentage":0.01622,"epss_percentile":0.8151,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNGNyLTN4bWMtMndwbc4AAj_F","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mNGNyLTN4bWMtMndwbc4AAj_F","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.2","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.2"},{"first_patched_version":"4.9.5","vulnerable_version_range":"\u003e= 4.9.0, \u003c 4.9.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNGNyLTN4bWMtMndwbc4AAj_F/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mZ2o4LTkzeHgtZjZnNs4AAjO6","url":"https://github.com/advisories/GHSA-fgj8-93xx-f6g6","title":"phpMyAdmin SQL injection in user accounts page","description":"In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-24T17:05:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-5504","https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html","https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yaml","https://www.phpmyadmin.net/security/PMASA-2020-1","https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md","https://github.com/advisories/GHSA-fgj8-93xx-f6g6"],"source_kind":"github","identifiers":["GHSA-fgj8-93xx-f6g6","CVE-2020-5504"],"repository_url":"https://github.com/MarkLee131/awesome-web-pocs","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.558Z","updated_at":"2026-04-04T19:06:13.973Z","epss_percentage":0.23238,"epss_percentile":0.95871,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZ2o4LTkzeHgtZjZnNs4AAjO6","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mZ2o4LTkzeHgtZjZnNs4AAjO6","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"5.0.1","vulnerable_version_range":"\u003e= 5.0.0, \u003c 5.0.1"},{"first_patched_version":"4.9.4","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.9.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mZ2o4LTkzeHgtZjZnNs4AAjO6/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34","url":"https://github.com/advisories/GHSA-pgph-mc4p-f8c3","title":"phpMyAdmin unsanitized Git information","description":"phpMyAdmin before 4.9.2 does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php`.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-24T17:02:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-19617","https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9","https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2","https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html","https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released","https://github.com/advisories/GHSA-pgph-mc4p-f8c3"],"source_kind":"github","identifiers":["GHSA-pgph-mc4p-f8c3","CVE-2019-19617"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:04.662Z","updated_at":"2026-04-04T19:06:12.244Z","epss_percentage":0.01155,"epss_percentile":0.78502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.9.2","vulnerable_version_range":"\u003c 4.9.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1tZnI5LXBjbTMtNm13Y84AAg6P","url":"https://github.com/advisories/GHSA-mfr9-pcm3-6mwc","title":"phpMyAdmin CSRF Vulnerability","description":"An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken `\u003cimg\u003e` tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-24T16:47:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-12616","https://www.phpmyadmin.net/security/PMASA-2019-4/","https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec","https://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html","https://github.com/advisories/GHSA-mfr9-pcm3-6mwc"],"source_kind":"github","identifiers":["GHSA-mfr9-pcm3-6mwc","CVE-2019-12616"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-02T00:03:49.747Z","updated_at":"2026-04-04T19:09:32.282Z","epss_percentage":0.55051,"epss_percentile":0.98038,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZnI5LXBjbTMtNm13Y84AAg6P","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1tZnI5LXBjbTMtNm13Y84AAg6P","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.9.0","vulnerable_version_range":"\u003c 4.9.0"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZnI5LXBjbTMtNm13Y84AAg6P/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14Mzd2LTk4ZjktbWozMs4AAg5V","url":"https://github.com/advisories/GHSA-x37v-98f9-mj32","title":"phpMyAdmin SQL injection in Designer feature","description":"An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-24T16:47:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-11768","https://www.phpmyadmin.net/security/PMASA-2019-3/","https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86","https://github.com/advisories/GHSA-x37v-98f9-mj32"],"source_kind":"github","identifiers":["GHSA-x37v-98f9-mj32","CVE-2019-11768"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.472Z","updated_at":"2026-04-04T19:06:13.958Z","epss_percentage":0.01803,"epss_percentile":0.82667,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mzd2LTk4ZjktbWozMs4AAg5V","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14Mzd2LTk4ZjktbWozMs4AAg5V","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.9.0.1","vulnerable_version_range":"\u003c 4.9.0.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mzd2LTk4ZjktbWozMs4AAg5V/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mcnY4LXhqY3AtaHJtMs4AAgJH","url":"https://github.com/advisories/GHSA-frv8-xjcp-hrm2","title":"phpMyAdmin Cross-site Scripting vulnerability","description":"Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T05:48:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2010-2958","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=133a77fac7d31a38703db2099a90c1b49de62e37","http://www.openwall.com/lists/oss-security/2010/09/01/2","http://www.openwall.com/lists/oss-security/2010/09/01/3","http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=133a77fac7d31a38703db2099a90c1b49de62e37","https://github.com/advisories/GHSA-frv8-xjcp-hrm2"],"source_kind":"github","identifiers":["GHSA-frv8-xjcp-hrm2","CVE-2010-2958"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":6.233283672995111,"created_at":"2025-04-12T03:07:46.488Z","updated_at":"2026-04-04T19:03:31.455Z","epss_percentage":0.00442,"epss_percentile":0.62537,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcnY4LXhqY3AtaHJtMs4AAgJH","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mcnY4LXhqY3AtaHJtMs4AAgJH","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.3.6","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.3.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcnY4LXhqY3AtaHJtMs4AAgJH/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nbWM3LWp2djctdzI0Nc4AAgCV","url":"https://github.com/advisories/GHSA-gmc7-jvv7-w245","title":"phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information","description":"phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T05:44:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.0,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2010-4481","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=4d9fd005671b05c4d74615d5939ed45e4d019e4c","http://www.debian.org/security/2010/dsa-2139","http://www.mandriva.com/security/advisories?name=MDVSA-2011:000","http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c","https://github.com/advisories/GHSA-gmc7-jvv7-w245"],"source_kind":"github","identifiers":["GHSA-gmc7-jvv7-w245","CVE-2010-4481"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":9.40873007244545,"created_at":"2025-04-12T02:07:45.616Z","updated_at":"2026-04-04T19:03:31.473Z","epss_percentage":0.00694,"epss_percentile":0.71511,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nbWM3LWp2djctdzI0Nc4AAgCV","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nbWM3LWp2djctdzI0Nc4AAgCV","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.0-beta1","vulnerable_version_range":"\u003c 3.4.0-beta1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nbWM3LWp2djctdzI0Nc4AAgCV/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05NjQ1LTZnNzItMnB2OM4AAgCl","url":"https://github.com/advisories/GHSA-9645-6g72-2pv8","title":"phpMyAdmin unsafely handles temporary files","description":"`libraries/File.class.php` in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T05:44:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2008-7252","http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html","http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528\u0026r2=11527\u0026pathrev=11528","http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev\u0026revision=11528","http://www.debian.org/security/2010/dsa-2034","http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php","https://web.archive.org/web/20100613071447/http://secunia.com/advisories/38211","https://web.archive.org/web/20100613071509/http://secunia.com/advisories/39503","https://web.archive.org/web/20110729050522/http://www.securityfocus.com/bid/37826","https://github.com/advisories/GHSA-9645-6g72-2pv8"],"source_kind":"github","identifiers":["GHSA-9645-6g72-2pv8","CVE-2008-7252"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":0.0,"created_at":"2024-02-09T20:05:11.296Z","updated_at":"2026-04-04T19:07:02.465Z","epss_percentage":0.03137,"epss_percentile":0.86506,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NjQ1LTZnNzItMnB2OM4AAgCl","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05NjQ1LTZnNzItMnB2OM4AAgCl","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"2.11.10","vulnerable_version_range":"\u003e= 2.11.0, \u003c 2.11.10"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NjQ1LTZnNzItMnB2OM4AAgCl/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NmZ3LXhmMmMtOHE0M84AAfzf","url":"https://github.com/advisories/GHSA-v6fw-xf2c-8q43","title":"phpMyAdmin Open Redirect in redirector","description":"Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T05:34:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-1941","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d","http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php","https://github.com/phpmyadmin/composer/commit/b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f","https://github.com/phpmyadmin/composer/commit/ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d","https://github.com/advisories/GHSA-v6fw-xf2c-8q43"],"source_kind":"github","identifiers":["GHSA-v6fw-xf2c-8q43","CVE-2011-1941"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":0.0,"created_at":"2024-01-15T18:05:57.445Z","updated_at":"2026-04-04T19:07:27.751Z","epss_percentage":0.00253,"epss_percentile":0.48506,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmZ3LXhmMmMtOHE0M84AAfzf","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NmZ3LXhmMmMtOHE0M84AAfzf","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.1","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmZ3LXhmMmMtOHE0M84AAfzf/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT","url":"https://github.com/advisories/GHSA-q7v2-w38r-pv7v","title":"phpMyAdmin Multiple XSS Vulnerabilities","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T05:25:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-4579","http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php","https://github.com/advisories/GHSA-q7v2-w38r-pv7v"],"source_kind":"github","identifiers":["GHSA-q7v2-w38r-pv7v","CVE-2012-4579"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-08-29T23:05:21.067Z","updated_at":"2026-04-04T19:09:12.813Z","epss_percentage":0.00185,"epss_percentile":0.40472,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.5.2.2","vulnerable_version_range":"\u003e= 3.5, \u003c 3.5.2.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00cTU4LTV4MjgtNTN3ds4AAfbH","url":"https://github.com/advisories/GHSA-4q58-5x28-53wv","title":"phpMyAdmin Vulnerable to Cross-Site Scripting","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T05:19:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":1.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2011-1940","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492","http://www.debian.org/security/2012/dsa-2391","http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492","https://github.com/advisories/GHSA-4q58-5x28-53wv"],"source_kind":"github","identifiers":["GHSA-4q58-5x28-53wv","CVE-2011-1940"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":1.5289186367723857,"created_at":"2025-04-12T01:07:52.993Z","updated_at":"2026-04-04T19:03:31.484Z","epss_percentage":0.00285,"epss_percentile":0.51531,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cTU4LTV4MjgtNTN3ds4AAfbH","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00cTU4LTV4MjgtNTN3ds4AAfbH","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.1","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.1"},{"first_patched_version":"3.3.10.1","vulnerable_version_range":"\u003e= 3.3.0, \u003c 3.3.10.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cTU4LTV4MjgtNTN3ds4AAfbH/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05ajloLWNwZ2MtODM1Ns4AAfa7","url":"https://github.com/advisories/GHSA-9j9h-cpgc-8356","title":"phpMyAdmin vulnerable to Cross-site Scripting","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T05:19:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":2.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2011-4634","http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071040.html","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=077c10020e349e8c1beb46309098992fde616913","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=1490533d91e9d3820e78ca4eac7981886eaea2cb","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=b289fe082441dc739939b0ba15dae0d9dc6cee92","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=dac8d6ce256333ff45b5f46270304b8657452740","http://www.mandriva.com/security/advisories?name=MDVSA-2011:198","http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=077c10020e349e8c1beb46309098992fde616913","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=1490533d91e9d3820e78ca4eac7981886eaea2cb","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=b289fe082441dc739939b0ba15dae0d9dc6cee92","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=dac8d6ce256333ff45b5f46270304b8657452740","https://github.com/advisories/GHSA-9j9h-cpgc-8356"],"source_kind":"github","identifiers":["GHSA-9j9h-cpgc-8356","CVE-2011-4634"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":3.0578372735447714,"created_at":"2025-04-12T03:07:47.568Z","updated_at":"2026-04-04T19:03:31.468Z","epss_percentage":0.00421,"epss_percentile":0.6152,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ajloLWNwZ2MtODM1Ns4AAfa7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05ajloLWNwZ2MtODM1Ns4AAfa7","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.8","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.8"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05ajloLWNwZ2MtODM1Ns4AAfa7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz","url":"https://github.com/advisories/GHSA-rfpg-2fp8-2fph","title":"phpMyAdmin multiple cross-site scripting vulnerabilities","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T05:16:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-5339","https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611","https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186","http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html","http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php","https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925","https://github.com/advisories/GHSA-rfpg-2fp8-2fph"],"source_kind":"github","identifiers":["GHSA-rfpg-2fp8-2fph","CVE-2012-5339"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-29T22:05:26.206Z","updated_at":"2026-04-04T19:09:12.822Z","epss_percentage":0.00208,"epss_percentile":0.43059,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.5.3","vulnerable_version_range":"\u003e= 3.5, \u003c 3.5.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14cHhwLXYzM20tNWpwOc4AAfW0","url":"https://github.com/advisories/GHSA-xpxp-v33m-5jp9","title":"phpMyAdmin Unsafe Fetching of Javascript Code","description":"phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T05:16:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-5368","https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a","https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0","http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html","http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php","https://web.archive.org/web/20200228143700/http://www.securityfocus.com/bid/55939","https://github.com/advisories/GHSA-xpxp-v33m-5jp9"],"source_kind":"github","identifiers":["GHSA-xpxp-v33m-5jp9","CVE-2012-5368"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-16T00:05:19.184Z","updated_at":"2026-04-04T19:09:29.479Z","epss_percentage":0.00425,"epss_percentile":0.62051,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cHhwLXYzM20tNWpwOc4AAfW0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14cHhwLXYzM20tNWpwOc4AAfW0","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.5.3","vulnerable_version_range":"\u003e= 3.5, \u003c 3.5.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cHhwLXYzM20tNWpwOc4AAfW0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa","url":"https://github.com/advisories/GHSA-r3pq-mp8v-cp33","title":"phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T05:12:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-4345","http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php","https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136","https://github.com/advisories/GHSA-r3pq-mp8v-cp33"],"source_kind":"github","identifiers":["GHSA-r3pq-mp8v-cp33","CVE-2012-4345"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-08-29T22:05:26.193Z","updated_at":"2026-04-04T19:09:12.821Z","epss_percentage":0.00209,"epss_percentile":0.43336,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.5.2.2","vulnerable_version_range":"\u003e= 3.5, \u003c 3.5.2.2"},{"first_patched_version":"3.4.11.1","vulnerable_version_range":"\u003e= 3.4, \u003c 3.4.11.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14OTYyLXc3MnAtbXY3cc4AAfJG","url":"https://github.com/advisories/GHSA-x962-w72p-mv7q","title":"phpMyAdmin Global variables scope injection vulnerability","description":"import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T05:07:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","references":["https://nvd.nist.gov/vuln/detail/CVE-2013-4729","https://github.com/phpmyadmin/phpmyadmin/commit/012464268420e53a9cd81cbb4a43988d70393c36","http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php","https://github.com/advisories/GHSA-x962-w72p-mv7q"],"source_kind":"github","identifiers":["GHSA-x962-w72p-mv7q","CVE-2013-4729"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-29T00:05:32.433Z","updated_at":"2026-04-04T19:09:17.147Z","epss_percentage":0.00367,"epss_percentile":0.58511,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OTYyLXc3MnAtbXY3cc4AAfJG","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14OTYyLXc3MnAtbXY3cc4AAfJG","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.4.1","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.4.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OTYyLXc3MnAtbXY3cc4AAfJG/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01Z2g0LXYyY2gtcGN4NM4AAfH_","url":"https://github.com/advisories/GHSA-5gh4-v2ch-pcx4","title":"phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities ","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T05:07:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-4997","http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php","https://github.com/advisories/GHSA-5gh4-v2ch-pcx4"],"source_kind":"github","identifiers":["GHSA-5gh4-v2ch-pcx4","CVE-2013-4997"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-08-29T19:05:25.628Z","updated_at":"2026-04-04T19:09:14.311Z","epss_percentage":0.00263,"epss_percentile":0.49519,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Z2g0LXYyY2gtcGN4NM4AAfH_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01Z2g0LXYyY2gtcGN4NM4AAfH_","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.5.8.2","vulnerable_version_range":"\u003e= 3.5, \u003c 3.5.8.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Z2g0LXYyY2gtcGN4NM4AAfH_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s","url":"https://github.com/advisories/GHSA-gg36-9346-9qx9","title":"phpMyAdmin Remote Code Execution","description":"phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T04:58:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.6,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2013-3239","https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48","https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a","http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html","http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html","http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html","http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html","http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php","https://github.com/advisories/GHSA-gg36-9346-9qx9"],"source_kind":"github","identifiers":["GHSA-gg36-9346-9qx9","CVE-2013-3239"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-29T19:05:25.804Z","updated_at":"2026-04-04T19:09:15.887Z","epss_percentage":0.12333,"epss_percentile":0.93591,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.5.8.1","vulnerable_version_range":"\u003e= 3.5.0, \u003c 3.5.8.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zcDg3LXczYzUtMjdnZs4AAd7r","url":"https://github.com/advisories/GHSA-3p87-w3c5-27gf","title":"phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) `js/functions.js` and (2) `js/tbl_structure.js`.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T04:19:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-3591","https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170","https://bugzilla.redhat.com/show_bug.cgi?id=738681","http://www.openwall.com/lists/oss-security/2011/09/30/8","http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php","https://github.com/advisories/GHSA-3p87-w3c5-27gf"],"source_kind":"github","identifiers":["GHSA-3p87-w3c5-27gf","CVE-2011-3591"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-01-15T19:05:56.226Z","updated_at":"2026-04-04T19:07:27.749Z","epss_percentage":0.0018,"epss_percentile":0.39627,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcDg3LXczYzUtMjdnZs4AAd7r","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zcDg3LXczYzUtMjdnZs4AAd7r","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.5","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcDg3LXczYzUtMjdnZs4AAd7r/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01cDY5LXJteDgtN2d3N84AAd7q","url":"https://github.com/advisories/GHSA-5p69-rmx8-7gw7","title":"phpMyAdmin Multiple XSS Vulnerabilities","description":"Multiple cross-site scripting (XSS) vulnerabilities in the `PMA_unInlineEditRow` function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T04:19:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-3592","https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6","https://bugzilla.redhat.com/show_bug.cgi?id=738681","http://www.openwall.com/lists/oss-security/2011/09/30/8","http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php","https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170","https://github.com/advisories/GHSA-5p69-rmx8-7gw7"],"source_kind":"github","identifiers":["GHSA-5p69-rmx8-7gw7","CVE-2011-3592"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-01-15T18:05:57.507Z","updated_at":"2026-04-04T19:07:27.752Z","epss_percentage":0.0018,"epss_percentile":0.39627,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cDY5LXJteDgtN2d3N84AAd7q","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01cDY5LXJteDgtN2d3N84AAd7q","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.5","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cDY5LXJteDgtN2d3N84AAd7q/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE","url":"https://github.com/advisories/GHSA-wv8g-fx9j-q2jg","title":"phpMyAdmin cross-site scripting Vulnerability via ENUM value","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to `libraries/TableSearch.class.php` and `libraries/Util.class.php`.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T03:57:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2014-7217","https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448","https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961","http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html","http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php","https://web.archive.org/web/20141010205819/http://www.securityfocus.com/bid/70252","https://github.com/advisories/GHSA-wv8g-fx9j-q2jg"],"source_kind":"github","identifiers":["GHSA-wv8g-fx9j-q2jg","CVE-2014-7217"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-17T00:05:15.767Z","updated_at":"2026-04-04T19:09:27.225Z","epss_percentage":0.00339,"epss_percentile":0.56502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.2.9.1","vulnerable_version_range":"\u003e= 4.2.0, \u003c 4.2.9.1"},{"first_patched_version":"4.1.14.5","vulnerable_version_range":"\u003e= 4.1.0, \u003c 4.1.14.5"},{"first_patched_version":"4.0.10.4","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00Z21nLWd3amgtM21tcs4AAdCI","url":"https://github.com/advisories/GHSA-4gmg-gwjh-3mmr","title":"phpMyAdmin Cryptographic Vulnerability","description":"The `suggestPassword` function in `js/functions.js` in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the `Math.random` JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T03:43:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-1927","https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22","https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","http://www.debian.org/security/2016/dsa-3627","http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php","https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72","https://github.com/phpmyadmin/phpmyadmin/commit/5530a72e162fab442218486a90ff3365c96fde98","https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720","https://github.com/phpmyadmin/phpmyadmin/commit/8b6737735be5787d0b98c6cdfe2c7e3131b1bc95","https://github.com/advisories/GHSA-4gmg-gwjh-3mmr"],"source_kind":"github","identifiers":["GHSA-4gmg-gwjh-3mmr","CVE-2016-1927"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-07-31T23:03:46.298Z","updated_at":"2026-04-04T19:08:12.309Z","epss_percentage":0.00628,"epss_percentile":0.69604,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Z21nLWd3amgtM21tcs4AAdCI","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00Z21nLWd3amgtM21tcs4AAdCI","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.5.4","vulnerable_version_range":"\u003e= 4.5.0, \u003c 4.5.4"},{"first_patched_version":"4.4.15.3","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.3"},{"first_patched_version":"4.0.10.13","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.13"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Z21nLWd3amgtM21tcs4AAdCI/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl","url":"https://github.com/advisories/GHSA-7rf8-9r8f-qf59","title":"phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser","description":"Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T03:31:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-2559","https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c","http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html","https://www.phpmyadmin.net/security/PMASA-2016-10","https://github.com/advisories/GHSA-7rf8-9r8f-qf59"],"source_kind":"github","identifiers":["GHSA-7rf8-9r8f-qf59","CVE-2016-2559"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.061Z","updated_at":"2026-04-04T19:06:13.884Z","epss_percentage":0.00278,"epss_percentile":0.50901,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.5.5.1","vulnerable_version_range":"\u003e= 4.5, \u003c 4.5.5.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13OHFnLWo5ZnAtaHJqZs4AAcvj","url":"https://github.com/advisories/GHSA-w8qg-j9fp-hrjf","title":"phpMyAdmin Improper Input Validation","description":"The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T03:31:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.8,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-2562","https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976","http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html","https://www.phpmyadmin.net/security/PMASA-2016-13","https://github.com/advisories/GHSA-w8qg-j9fp-hrjf"],"source_kind":"github","identifiers":["GHSA-w8qg-j9fp-hrjf","CVE-2016-2562"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.103Z","updated_at":"2026-04-04T19:06:13.884Z","epss_percentage":0.0023,"epss_percentile":0.4551,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OHFnLWo5ZnAtaHJqZs4AAcvj","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13OHFnLWo5ZnAtaHJqZs4AAcvj","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.5.5.1","vulnerable_version_range":"\u003e= 4.5, \u003c 4.5.5.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OHFnLWo5ZnAtaHJqZs4AAcvj/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01cG1nLXFoMmMtN2oyNM4AAcma","url":"https://github.com/advisories/GHSA-5pmg-qh2c-7j24","title":"phpMyAdmin allows remote attackers to spoof content via the url parameter","description":"The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T03:25:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2015-7873","https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html","http://www.debian.org/security/2015/dsa-3382","https://www.phpmyadmin.net/security/PMASA-2015-5","https://github.com/phpmyadmin/phpmyadmin/commit/2b31866fe0b30b867aaf5b5fedb11adb354e037f","https://web.archive.org/web/20161014120907/http://www.securitytracker.com/id/1034013","https://web.archive.org/web/20200228052850/http://www.securityfocus.com/bid/77299","https://github.com/advisories/GHSA-5pmg-qh2c-7j24"],"source_kind":"github","identifiers":["GHSA-5pmg-qh2c-7j24","CVE-2015-7873"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":10.231993953784427,"created_at":"2025-04-14T20:08:43.169Z","updated_at":"2026-04-04T19:03:30.001Z","epss_percentage":0.00625,"epss_percentile":0.69542,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cG1nLXFoMmMtN2oyNM4AAcma","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01cG1nLXFoMmMtN2oyNM4AAcma","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.5.1","vulnerable_version_range":"\u003e= 4.5.0, \u003c 4.5.1"},{"first_patched_version":"4.4.15.1","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cG1nLXFoMmMtN2oyNM4AAcma/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP","url":"https://github.com/advisories/GHSA-jqmr-wqgp-8mh2","title":"phpMyAdmin cross-site scripting Vulnerability in Table or Column Names","description":"Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T03:20:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2014-4986","https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d","https://security.gentoo.org/glsa/201505-03","http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html","http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php","https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/68803","https://github.com/advisories/GHSA-jqmr-wqgp-8mh2"],"source_kind":"github","identifiers":["GHSA-jqmr-wqgp-8mh2","CVE-2014-4986"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-17T00:05:15.847Z","updated_at":"2026-04-04T19:09:27.229Z","epss_percentage":0.00339,"epss_percentile":0.56502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.2.6","vulnerable_version_range":"\u003e= 4.2.0, \u003c 4.2.6"},{"first_patched_version":"4.1.14.2","vulnerable_version_range":"\u003e= 4.1.0, \u003c 4.1.14.2"},{"first_patched_version":"4.0.10.1","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NmZoLXZnMjItcjZjbc4AAcbd","url":"https://github.com/advisories/GHSA-v6fh-vg22-r6cm","title":"phpMyAdmin ReCaptcha bypass","description":"libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T03:18:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-6830","https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e","https://www.phpmyadmin.net/security/PMASA-2015-4/","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166294.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166307.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166531.html","http://www.debian.org/security/2015/dsa-3382","https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d","https://web.archive.org/web/20200228052837/http://www.securityfocus.com/bid/76674","https://web.archive.org/web/20211215060142/http://www.securitytracker.com/id/1033546","https://github.com/advisories/GHSA-v6fh-vg22-r6cm"],"source_kind":"github","identifiers":["GHSA-v6fh-vg22-r6cm","CVE-2015-6830"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-03T22:05:00.595Z","updated_at":"2026-04-04T19:09:32.253Z","epss_percentage":0.21219,"epss_percentile":0.95501,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmZoLXZnMjItcjZjbc4AAcbd","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NmZoLXZnMjItcjZjbc4AAcbd","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.4.14.1","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.14.1"},{"first_patched_version":"4.3.13.2","vulnerable_version_range":"\u003e= 4.3.0, \u003c 4.3.13.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmZoLXZnMjItcjZjbc4AAcbd/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd","url":"https://github.com/advisories/GHSA-p632-5w74-x8xx","title":"phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value ","description":"Cross-site scripting (XSS) vulnerability in `libraries/schema/Export_Relation_Schema.class.php` in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T03:12:55.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-5002","http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php","https://github.com/advisories/GHSA-p632-5w74-x8xx"],"source_kind":"github","identifiers":["GHSA-p632-5w74-x8xx","CVE-2013-5002"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-08-29T19:05:25.818Z","updated_at":"2026-04-04T19:09:15.888Z","epss_percentage":0.00209,"epss_percentile":0.43336,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.4.2","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.4.2"},{"first_patched_version":"3.5.8.2","vulnerable_version_range":"\u003e= 3.5, \u003c 3.5.8.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zcTI4LXhmdzMtMnEzNc4AAbaX","url":"https://github.com/advisories/GHSA-3q28-xfw3-2q35","title":"phpMyAdmin XSS Vulnerability","description":"Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in `templates/table/structure/display_partitions.phtml` in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5732","https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5","https://github.com/phpmyadmin/phpmyadmin/commit/792cd1262f012b9b13639519d414f2acaeb5e972","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-25/","https://github.com/advisories/GHSA-3q28-xfw3-2q35"],"source_kind":"github","identifiers":["GHSA-3q28-xfw3-2q35","CVE-2016-5732"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-07-31T22:03:48.289Z","updated_at":"2026-04-04T19:08:12.354Z","epss_percentage":0.00224,"epss_percentile":0.44988,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcTI4LXhmdzMtMnEzNc4AAbaX","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zcTI4LXhmdzMtMnEzNc4AAbaX","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcTI4LXhmdzMtMnEzNc4AAbaX/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV","url":"https://github.com/advisories/GHSA-xqw9-ffx7-g998","title":"phpMyAdmin cookie-attribute injection","description":"phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T02:37:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":3.7,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5702","https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-18/","https://github.com/advisories/GHSA-xqw9-ffx7-g998"],"source_kind":"github","identifiers":["GHSA-xqw9-ffx7-g998","CVE-2016-5702"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-07-31T20:03:59.330Z","updated_at":"2026-04-04T19:08:12.353Z","epss_percentage":0.00248,"epss_percentile":0.47931,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ydjU3LTQ3OXgteDRxds4AAbaU","url":"https://github.com/advisories/GHSA-rv57-479x-x4qv","title":"phpMyAdmin Code Injection vulnerability","description":"phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-17T02:37:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5734","https://github.com/phpmyadmin/phpmyadmin/commit/1cc7466db3a05e95fe57a6702f41773e6829d54b","https://github.com/phpmyadmin/phpmyadmin/commit/4bcc606225f15bac0b07780e74f667f6ac283da7","https://security.gentoo.org/glsa/201701-32","https://www.exploit-db.com/exploits/40185","https://www.phpmyadmin.net/security/PMASA-2016-27","https://web.archive.org/web/20200227223418/http://www.securityfocus.com/bid/91387","https://github.com/advisories/GHSA-rv57-479x-x4qv"],"source_kind":"github","identifiers":["GHSA-rv57-479x-x4qv","CVE-2016-5734"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2025-04-14T22:08:30.835Z","updated_at":"2026-04-04T19:03:29.988Z","epss_percentage":0.87019,"epss_percentile":0.99425,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydjU3LTQ3OXgteDRxds4AAbaU","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ydjU3LTQ3OXgteDRxds4AAbaU","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4.15.0, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0.10.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydjU3LTQ3OXgteDRxds4AAbaU/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1nY3ZwLWN3Z3ctd3g4as4AAbaY","url":"https://github.com/advisories/GHSA-gcvp-cwgw-wx8j","title":"phpMyAdmin XSS Vulnerability","description":"Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5704","https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-20/","https://github.com/advisories/GHSA-gcvp-cwgw-wx8j"],"source_kind":"github","identifiers":["GHSA-gcvp-cwgw-wx8j","CVE-2016-5704"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-07-31T20:03:59.359Z","updated_at":"2026-04-04T19:08:12.355Z","epss_percentage":0.00277,"epss_percentile":0.50797,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nY3ZwLWN3Z3ctd3g4as4AAbaY","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nY3ZwLWN3Z3ctd3g4as4AAbaY","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nY3ZwLWN3Z3ctd3g4as4AAbaY/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA","url":"https://github.com/advisories/GHSA-jfmj-27fp-qp67","title":"phpMyAdmin Cross-site Scripting (XSS)","description":"XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the \"Remove partitioning\" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6608","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-31","http://www.securityfocus.com/bid/93258","https://github.com/advisories/GHSA-jfmj-27fp-qp67"],"source_kind":"github","identifiers":["GHSA-jfmj-27fp-qp67","CVE-2016-6608"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:10.110Z","updated_at":"2026-04-04T19:06:12.222Z","epss_percentage":0.00452,"epss_percentile":0.63527,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0ybWNqLTNyM3ItdjV3bc4AAbZ5","url":"https://github.com/advisories/GHSA-2mcj-3r3r-v5wm","title":"phpMyAdmin DoS Vulnerability","description":"An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6623","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-46","https://web.archive.org/web/20210123204343/http://www.securityfocus.com/bid/95052","https://github.com/advisories/GHSA-2mcj-3r3r-v5wm"],"source_kind":"github","identifiers":["GHSA-2mcj-3r3r-v5wm","CVE-2016-6623"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T20:03:59.372Z","updated_at":"2026-04-04T19:08:12.355Z","epss_percentage":0.0055,"epss_percentile":0.67518,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ybWNqLTNyM3ItdjV3bc4AAbZ5","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0ybWNqLTNyM3ItdjV3bc4AAbZ5","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ybWNqLTNyM3ItdjV3bc4AAbZ5/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1taHhqLTZ2ZjgtbXd2M84AAbZ6","url":"https://github.com/advisories/GHSA-mhxj-6vf8-mwv3","title":"phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention","description":"An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6624","https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-47","http://www.securityfocus.com/bid/92489","https://github.com/advisories/GHSA-mhxj-6vf8-mwv3"],"source_kind":"github","identifiers":["GHSA-mhxj-6vf8-mwv3","CVE-2016-6624"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:10.084Z","updated_at":"2026-04-04T19:06:12.221Z","epss_percentage":0.003,"epss_percentile":0.52858,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1taHhqLTZ2ZjgtbXd2M84AAbZ6","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1taHhqLTZ2ZjgtbXd2M84AAbZ6","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1taHhqLTZ2ZjgtbXd2M84AAbZ6/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02ajJ2LWc5cmctcWNtNc4AAbZ7","url":"https://github.com/advisories/GHSA-6j2v-g9rg-qcm5","title":"phpMyAdmin Local file exposure through symlinks with UploadDir","description":"An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6613","https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-36","http://www.securityfocus.com/bid/94115","https://github.com/advisories/GHSA-6j2v-g9rg-qcm5"],"source_kind":"github","identifiers":["GHSA-6j2v-g9rg-qcm5","CVE-2016-6613"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.132Z","updated_at":"2026-04-04T19:06:13.889Z","epss_percentage":0.00411,"epss_percentile":0.60743,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02ajJ2LWc5cmctcWNtNc4AAbZ7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02ajJ2LWc5cmctcWNtNc4AAbZ7","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02ajJ2LWc5cmctcWNtNc4AAbZ7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mY2dtLTYycDMtZjdjbc4AAbZ8","url":"https://github.com/advisories/GHSA-fcgm-62p3-f7cm","title":"phpMyAdmin Local file exposure","description":"An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6612","https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-35","http://www.securityfocus.com/bid/94113","https://github.com/advisories/GHSA-fcgm-62p3-f7cm"],"source_kind":"github","identifiers":["GHSA-fcgm-62p3-f7cm","CVE-2016-6612"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.160Z","updated_at":"2026-04-04T19:06:13.890Z","epss_percentage":0.00411,"epss_percentile":0.60743,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mY2dtLTYycDMtZjdjbc4AAbZ8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mY2dtLTYycDMtZjdjbc4AAbZ8","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mY2dtLTYycDMtZjdjbc4AAbZ8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yNjQzLTd4ZmctcHBjNc4AAbZ3","url":"https://github.com/advisories/GHSA-r643-7xfg-ppc5","title":"phpMyAdmin allows to detect if user is logged in","description":"An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6625","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-48","http://www.securityfocus.com/bid/92491","https://github.com/advisories/GHSA-r643-7xfg-ppc5"],"source_kind":"github","identifiers":["GHSA-r643-7xfg-ppc5","CVE-2016-6625"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:10.055Z","updated_at":"2026-04-04T19:06:12.220Z","epss_percentage":0.00275,"epss_percentile":0.505,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjQzLTd4ZmctcHBjNc4AAbZ3","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yNjQzLTd4ZmctcHBjNc4AAbZ3","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjQzLTd4ZmctcHBjNc4AAbZ3/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01NjdyLXZxajctNWN3N84AAbZ2","url":"https://github.com/advisories/GHSA-567r-vqj7-5cw7","title":"phpMyAdmin Authentication Bypass","description":"An issue was discovered in phpMyAdmin involving the `$cfg['ArbitraryServerRegexp']` configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-17T02:37:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6629","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-52","https://web.archive.org/web/20210725054025/http://www.securityfocus.com/bid/92493","https://github.com/advisories/GHSA-567r-vqj7-5cw7"],"source_kind":"github","identifiers":["GHSA-567r-vqj7-5cw7","CVE-2016-6629"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T20:03:59.345Z","updated_at":"2026-04-04T19:09:36.541Z","epss_percentage":0.0032,"epss_percentile":0.54793,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NjdyLXZxajctNWN3N84AAbZ2","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01NjdyLXZxajctNWN3N84AAbZ2","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NjdyLXZxajctNWN3N84AAbZ2/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1waGhtLTYzeHgtdjlycs4AAbZy","url":"https://github.com/advisories/GHSA-phhm-63xx-v9rr","title":"phpMyAdmin Reflected File Download attack","description":"An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6628","https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-51","http://www.securityfocus.com/bid/92492","https://github.com/advisories/GHSA-phhm-63xx-v9rr"],"source_kind":"github","identifiers":["GHSA-phhm-63xx-v9rr","CVE-2016-6628"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.188Z","updated_at":"2026-04-04T19:06:13.891Z","epss_percentage":0.00258,"epss_percentile":0.49008,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1waGhtLTYzeHgtdjlycs4AAbZy","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1waGhtLTYzeHgtdjlycs4AAbZy","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1waGhtLTYzeHgtdjlycs4AAbZy/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00MjZxLTk3NXAtdzVjcs4AAbZv","url":"https://github.com/advisories/GHSA-426q-975p-w5cr","title":"phpMyAdmin Denial of service (DOS) attack with dbase extension","description":"An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:37:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6632","https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-55","http://www.securityfocus.com/bid/92497","https://github.com/advisories/GHSA-426q-975p-w5cr"],"source_kind":"github","identifiers":["GHSA-426q-975p-w5cr","CVE-2016-6632"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:10.029Z","updated_at":"2026-04-04T19:06:12.219Z","epss_percentage":0.00567,"epss_percentile":0.6762,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00MjZxLTk3NXAtdzVjcs4AAbZv","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00MjZxLTk3NXAtdzVjcs4AAbZv","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00MjZxLTk3NXAtdzVjcs4AAbZv/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wODQ5LXZmNWYtZjN4N84AAbZt","url":"https://github.com/advisories/GHSA-p849-vf5f-f3x7","title":"phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension","description":"An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T02:37:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.1,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6633","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-56","http://www.securityfocus.com/bid/92500","https://github.com/advisories/GHSA-p849-vf5f-f3x7"],"source_kind":"github","identifiers":["GHSA-p849-vf5f-f3x7","CVE-2016-6633"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.997Z","updated_at":"2026-04-04T19:06:12.218Z","epss_percentage":0.01833,"epss_percentile":0.82502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wODQ5LXZmNWYtZjN4N84AAbZt","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wODQ5LXZmNWYtZjN4N84AAbZt","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wODQ5LXZmNWYtZjN4N84AAbZt/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05eGhxLXBtN3YtNjkzcM4AAbZM","url":"https://github.com/advisories/GHSA-9xhq-pm7v-693p","title":"phpMyAdmin Cryptographic Vulnerability","description":"An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:36:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9847","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-58","https://web.archive.org/web/20210123194700/http://www.securityfocus.com/bid/94524","https://github.com/advisories/GHSA-9xhq-pm7v-693p"],"source_kind":"github","identifiers":["GHSA-9xhq-pm7v-693p","CVE-2016-9847"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T22:03:48.329Z","updated_at":"2026-04-04T19:09:36.533Z","epss_percentage":0.00432,"epss_percentile":0.62509,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05eGhxLXBtN3YtNjkzcM4AAbZM","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05eGhxLXBtN3YtNjkzcM4AAbZM","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.18","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.18"},{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05eGhxLXBtN3YtNjkzcM4AAbZM/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ybW1mLTV4aGgtZ2cyN84AAbY0","url":"https://github.com/advisories/GHSA-rmmf-5xhh-gg27","title":"phpMyAdmin path disclosure","description":"An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:36:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9853","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-63","https://web.archive.org/web/20210127193655/http://www.securityfocus.com/bid/94527","https://github.com/advisories/GHSA-rmmf-5xhh-gg27"],"source_kind":"github","identifiers":["GHSA-rmmf-5xhh-gg27","CVE-2016-9853"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T22:03:48.360Z","updated_at":"2026-04-04T19:08:12.356Z","epss_percentage":0.00851,"epss_percentile":0.745,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybW1mLTV4aGgtZ2cyN84AAbY0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ybW1mLTV4aGgtZ2cyN84AAbY0","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybW1mLTV4aGgtZ2cyN84AAbY0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yMnZ3LXA3N2YtdmMyN84AAbYy","url":"https://github.com/advisories/GHSA-r2vw-p77f-vc27","title":"phpMyAdmin Bypass logout timeout","description":"An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:36:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9851","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-62","http://www.securityfocus.com/bid/94534","https://github.com/advisories/GHSA-r2vw-p77f-vc27"],"source_kind":"github","identifiers":["GHSA-r2vw-p77f-vc27","CVE-2016-9851"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.969Z","updated_at":"2026-04-04T19:06:12.218Z","epss_percentage":0.00241,"epss_percentile":0.47276,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMnZ3LXA3N2YtdmMyN84AAbYy","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yMnZ3LXA3N2YtdmMyN84AAbYy","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMnZ3LXA3N2YtdmMyN84AAbYy/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1obW14LXd4aDQtOXc4d84AAbY7","url":"https://github.com/advisories/GHSA-hmmx-wxh4-9w8w","title":"phpMyAdmin XSS Vulnerability","description":"An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:36:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9857","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-64","https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530","https://github.com/advisories/GHSA-hmmx-wxh4-9w8w"],"source_kind":"github","identifiers":["GHSA-hmmx-wxh4-9w8w","CVE-2016-9857"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T22:03:48.373Z","updated_at":"2026-04-04T19:09:36.534Z","epss_percentage":0.00418,"epss_percentile":0.61502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1obW14LXd4aDQtOXc4d84AAbY7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1obW14LXd4aDQtOXc4d84AAbY7","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.18","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.18"},{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1obW14LXd4aDQtOXc4d84AAbY7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yMzI2LW1wOGctNnhmY84AAbY5","url":"https://github.com/advisories/GHSA-r326-mp8g-6xfc","title":"phpMyAdmin Bypass white-list protection for URL redirection","description":"An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T02:36:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9861","https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-66","http://www.securityfocus.com/bid/94535","https://github.com/advisories/GHSA-r326-mp8g-6xfc"],"source_kind":"github","identifiers":["GHSA-r326-mp8g-6xfc","CVE-2016-9861"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.248Z","updated_at":"2026-04-04T19:06:13.897Z","epss_percentage":0.00246,"epss_percentile":0.4775,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMzI2LW1wOGctNnhmY84AAbY5","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yMzI2LW1wOGctNnhmY84AAbY5","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.18","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.18"},{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yMzI2LW1wOGctNnhmY84AAbY5/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zaHc1LWZmZmMtcXJnNM4AAbY3","url":"https://github.com/advisories/GHSA-3hw5-fffc-qrg4","title":"phpMyAdmin Denial of Service (DoS)","description":"An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:36:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9860","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-65","http://www.securityfocus.com/bid/94525","https://github.com/advisories/GHSA-3hw5-fffc-qrg4"],"source_kind":"github","identifiers":["GHSA-3hw5-fffc-qrg4","CVE-2016-9860"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.217Z","updated_at":"2026-04-04T19:06:13.893Z","epss_percentage":0.01016,"epss_percentile":0.76515,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaHc1LWZmZmMtcXJnNM4AAbY3","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zaHc1LWZmZmMtcXJnNM4AAbY3","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.18","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.18"},{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaHc1LWZmZmMtcXJnNM4AAbY3/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qOG14LXgzMnItNXJmNM4AAbYu","url":"https://github.com/advisories/GHSA-j8mx-x32r-5rf4","title":"phpMyAdmin XSS Vulnerability","description":"An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:36:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9856","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-64","https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/94530","https://github.com/advisories/GHSA-j8mx-x32r-5rf4"],"source_kind":"github","identifiers":["GHSA-j8mx-x32r-5rf4","CVE-2016-9856"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T22:03:48.385Z","updated_at":"2026-04-04T19:09:36.535Z","epss_percentage":0.00418,"epss_percentile":0.61502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qOG14LXgzMnItNXJmNM4AAbYu","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qOG14LXgzMnItNXJmNM4AAbYu","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.18","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.18"},{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qOG14LXgzMnItNXJmNM4AAbYu/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xZ3JxLTY0ZzYtbW1oNs4AAbYt","url":"https://github.com/advisories/GHSA-qgrq-64g6-mmh6","title":"phpMyAdmin DoS Vulnerability","description":"An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T02:36:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9863","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-68","https://web.archive.org/web/20210123194704/http://www.securityfocus.com/bid/94526","https://github.com/advisories/GHSA-qgrq-64g6-mmh6"],"source_kind":"github","identifiers":["GHSA-qgrq-64g6-mmh6","CVE-2016-9863"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T22:03:48.398Z","updated_at":"2026-04-04T19:08:12.356Z","epss_percentage":0.00605,"epss_percentile":0.695,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZ3JxLTY0ZzYtbW1oNs4AAbYt","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xZ3JxLTY0ZzYtbW1oNs4AAbYt","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZ3JxLTY0ZzYtbW1oNs4AAbYt/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qdnh4LTh4eGYtNTQ5Nc4AAbYo","url":"https://github.com/advisories/GHSA-jvxx-8xxf-5495","title":"phpMyAdmin CSRF Vulnerability","description":"An issue was discovered in phpMyAdmin. When the arg_separator is different from its default \u0026 value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-17T02:36:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-9866","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-71","https://web.archive.org/web/20210123194736/http://www.securityfocus.com/bid/94536","https://github.com/advisories/GHSA-jvxx-8xxf-5495"],"source_kind":"github","identifiers":["GHSA-jvxx-8xxf-5495","CVE-2016-9866"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T22:03:48.410Z","updated_at":"2026-04-04T19:08:12.358Z","epss_percentage":0.00222,"epss_percentile":0.4489,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdnh4LTh4eGYtNTQ5Nc4AAbYo","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qdnh4LTh4eGYtNTQ5Nc4AAbYo","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.18","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.18"},{"first_patched_version":"4.4.15.9","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.9"},{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdnh4LTh4eGYtNTQ5Nc4AAbYo/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qMmNxLWg2djItZjg3Nc4AAbHd","url":"https://github.com/advisories/GHSA-j2cq-h6v2-f875","title":"phpMyAdmin Cookie attribute injection attack","description":"A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-17T02:25:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000016","https://www.phpmyadmin.net/security/PMASA-2017-5","https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f","https://github.com/advisories/GHSA-j2cq-h6v2-f875"],"source_kind":"github","identifiers":["GHSA-j2cq-h6v2-f875","CVE-2017-1000016"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.437Z","updated_at":"2026-04-04T19:06:13.950Z","epss_percentage":0.00488,"epss_percentile":0.64778,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qMmNxLWg2djItZjg3Nc4AAbHd","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qMmNxLWg2djItZjg3Nc4AAbHd","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qMmNxLWg2djItZjg3Nc4AAbHd/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13Y21tLTI4cmctbWczcs4AAag9","url":"https://github.com/advisories/GHSA-wcmm-28rg-mg3r","title":"phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file","description":"phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T02:01:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-0986","https://exchange.xforce.ibmcloud.com/vulnerabilities/65424","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=035d002db1e1201e73e560d7d98591563b506a83","http://www.mandriva.com/security/advisories?name=MDVSA-2011:026","http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83","https://github.com/advisories/GHSA-wcmm-28rg-mg3r"],"source_kind":"github","identifiers":["GHSA-wcmm-28rg-mg3r","CVE-2011-0986"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":0.0,"created_at":"2025-04-12T02:07:45.594Z","updated_at":"2026-04-04T19:03:31.473Z","epss_percentage":0.00546,"epss_percentile":0.67509,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Y21tLTI4cmctbWczcs4AAag9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13Y21tLTI4cmctbWczcs4AAag9","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.3.9.1","vulnerable_version_range":"\u003e= 3.3.0, \u003c 3.3.9.1"},{"first_patched_version":"2.11.11.2","vulnerable_version_range":"\u003e= 2.11.0, \u003c 2.11.11.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13Y21tLTI4cmctbWczcs4AAag9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14aHFxLTU1NGotcDR4OM4AAaWI","url":"https://github.com/advisories/GHSA-xhqq-554j-p4x8","title":"phpMyAdmin Directory Traversal Vulnerability","description":"Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) `libraries/schema/User_Schema.class.php` and (2) `schema_export.php`.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T01:54:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-2718","https://bugzilla.redhat.com/show_bug.cgi?id=725383","https://exchange.xforce.ibmcloud.com/vulnerabilities/68768","http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393","http://www.openwall.com/lists/oss-security/2011/07/25/4","http://www.openwall.com/lists/oss-security/2011/07/26/10","http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393","https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393","https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874","https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","https://github.com/advisories/GHSA-xhqq-554j-p4x8"],"source_kind":"github","identifiers":["GHSA-xhqq-554j-p4x8","CVE-2011-2718"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":0.0,"created_at":"2024-01-15T19:05:56.255Z","updated_at":"2026-04-04T19:07:27.749Z","epss_percentage":0.01003,"epss_percentile":0.76503,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14aHFxLTU1NGotcDR4OM4AAaWI","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14aHFxLTU1NGotcDR4OM4AAaWI","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.3.2","vulnerable_version_range":"\u003e= 3.4, \u003c 3.4.3.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14aHFxLTU1NGotcDR4OM4AAaWI/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xNG1tLTg5cTIteGZmZ84AAaS8","url":"https://github.com/advisories/GHSA-q4mm-89q2-xffg","title":"phpMyAdmin vulnerable to XML external entity (XXE) injection attack","description":"The `simplexml_load_string` function in the XML import plug-in (`libraries/import/xml.php`) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T01:52:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2011-4107","https://bugzilla.redhat.com/show_bug.cgi?id=751112","https://exchange.xforce.ibmcloud.com/vulnerabilities/71108","http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html","http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt","http://seclists.org/fulldisclosure/2011/Nov/21","http://securityreason.com/securityalert/8533","http://www.debian.org/security/2012/dsa-2391","http://www.openwall.com/lists/oss-security/2011/11/03/3","http://www.openwall.com/lists/oss-security/2011/11/03/5","http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php","https://github.com/phpmyadmin/phpmyadmin/commit/2fbf631384fd8cded55f4500cb87b129442f9ed2","https://github.com/phpmyadmin/phpmyadmin/commit/34d99de000de9d15cfdf5e9cc8b7682d51110bbd","https://github.com/phpmyadmin/phpmyadmin/commit/5fa86b8e81565c15ddbc359e8f59ecd829a2b717","https://github.com/phpmyadmin/phpmyadmin/commit/a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5","https://github.com/advisories/GHSA-q4mm-89q2-xffg"],"source_kind":"github","identifiers":["GHSA-q4mm-89q2-xffg","CVE-2011-4107"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-02-09T17:04:48.846Z","updated_at":"2026-04-04T19:07:02.495Z","epss_percentage":0.12434,"epss_percentile":0.93771,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNG1tLTg5cTIteGZmZ84AAaS8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xNG1tLTg5cTIteGZmZ84AAaS8","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.3.10.5","vulnerable_version_range":"\u003e= 3.3.0, \u003c 3.3.10.5"},{"first_patched_version":"3.4.7.1","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.7.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNG1tLTg5cTIteGZmZ84AAaS8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yaDIzLWM5NzMteDYzcc4AAaRs","url":"https://github.com/advisories/GHSA-2h23-c973-x63q","title":"phpMyAdmin Cross-site Scripting vulnerability","description":"Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-17T01:51:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":1.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U","references":["https://nvd.nist.gov/vuln/detail/CVE-2011-4782","https://exchange.xforce.ibmcloud.com/vulnerabilities/71938","http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html","http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0e707906e69ce90c4852a0fce2a0fac7db86a3cd","http://www.mandriva.com/security/advisories?name=MDVSA-2011:198","http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0e707906e69ce90c4852a0fce2a0fac7db86a3cd","https://github.com/advisories/GHSA-2h23-c973-x63q"],"source_kind":"github","identifiers":["GHSA-2h23-c973-x63q","CVE-2011-4782"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":1.5289186367723857,"created_at":"2025-04-12T03:07:47.544Z","updated_at":"2026-04-04T19:03:31.467Z","epss_percentage":0.00475,"epss_percentile":0.64515,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yaDIzLWM5NzMteDYzcc4AAaRs","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yaDIzLWM5NzMteDYzcc4AAaRs","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.9","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.9"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yaDIzLWM5NzMteDYzcc4AAaRs/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ncW1qLWY0Nngtd3Fod84AAXSy","url":"https://github.com/advisories/GHSA-gqmj-f46x-wqhw","title":"phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature","description":"Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T03:40:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-7260","https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3","http://www.securityfocus.com/bid/103099","https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin","https://www.phpmyadmin.net/security/PMASA-2018-1","https://github.com/advisories/GHSA-gqmj-f46x-wqhw"],"source_kind":"github","identifiers":["GHSA-gqmj-f46x-wqhw","CVE-2018-7260"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.274Z","updated_at":"2026-04-04T19:06:13.905Z","epss_percentage":0.00302,"epss_percentile":0.53014,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ncW1qLWY0Nngtd3Fod84AAXSy","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ncW1qLWY0Nngtd3Fod84AAXSy","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.7.8","vulnerable_version_range":"\u003c 4.7.8"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ncW1qLWY0Nngtd3Fod84AAXSy/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NmZwLWg3OXgtOXJxY84AAW3K","url":"https://github.com/advisories/GHSA-v6fp-h79x-9rqc","title":"phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution","description":"phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T03:22:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-10188","http://www.securityfocus.com/bid/103936","http://www.securitytracker.com/id/1040752","https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641","https://www.exploit-db.com/exploits/44496","https://www.phpmyadmin.net/security/PMASA-2018-2","https://github.com/advisories/GHSA-v6fp-h79x-9rqc"],"source_kind":"github","identifiers":["GHSA-v6fp-h79x-9rqc","CVE-2018-10188"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.301Z","updated_at":"2026-04-04T19:06:13.910Z","epss_percentage":0.00935,"epss_percentile":0.75592,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmZwLWg3OXgtOXJxY84AAW3K","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NmZwLWg3OXgtOXJxY84AAW3K","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.0.1","vulnerable_version_range":"\u003e= 4.8, \u003c 4.8.0.1"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmZwLWg3OXgtOXJxY84AAW3K/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13cHd3LWh4N3gteGZqaM4AAWq0","url":"https://github.com/advisories/GHSA-wpww-hx7x-xfjh","title":"phpMyAdmin PHP code injection","description":"An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T03:14:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6609","https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-32","http://www.securityfocus.com/bid/94112","https://github.com/advisories/GHSA-wpww-hx7x-xfjh"],"source_kind":"github","identifiers":["GHSA-wpww-hx7x-xfjh","CVE-2016-6609"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.944Z","updated_at":"2026-04-04T19:06:12.217Z","epss_percentage":0.00425,"epss_percentile":0.61527,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHd3LWh4N3gteGZqaM4AAWq0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13cHd3LWh4N3gteGZqaM4AAWq0","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHd3LWh4N3gteGZqaM4AAWq0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xZjNmLTd4NjktcWZ2M84AAWq5","url":"https://github.com/advisories/GHSA-qf3f-7x69-qfv3","title":"phpMyAdmin DoS Vulnerability","description":"An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with `$cfg['AllowArbitraryServer']=true`. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T03:14:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6622","https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-45","https://web.archive.org/web/20210125183746/http://www.securityfocus.com/bid/95049","https://github.com/advisories/GHSA-qf3f-7x69-qfv3"],"source_kind":"github","identifiers":["GHSA-qf3f-7x69-qfv3","CVE-2016-6622"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-31T19:03:51.221Z","updated_at":"2026-04-04T19:09:36.542Z","epss_percentage":0.01016,"epss_percentile":0.76515,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZjNmLTd4NjktcWZ2M84AAWq5","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xZjNmLTd4NjktcWZ2M84AAWq5","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZjNmLTd4NjktcWZ2M84AAWq5/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ydjZtLWNodnYtd214Z84AAWq1","url":"https://github.com/advisories/GHSA-rv6m-chvv-wmxg","title":"phpMyAdmin Denial of service (DOS) attack in transformation feature","description":"An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T03:14:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6618","https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","https://security.gentoo.org/glsa/201701-32","https://www.phpmyadmin.net/security/PMASA-2016-41","http://www.securityfocus.com/bid/95047","https://github.com/advisories/GHSA-rv6m-chvv-wmxg"],"source_kind":"github","identifiers":["GHSA-rv6m-chvv-wmxg","CVE-2016-6618"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.916Z","updated_at":"2026-04-04T19:06:12.216Z","epss_percentage":0.0055,"epss_percentile":0.67518,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydjZtLWNodnYtd214Z84AAWq1","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ydjZtLWNodnYtd214Z84AAWq1","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.17","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.17"},{"first_patched_version":"4.4.15.8","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.8"},{"first_patched_version":"4.6.4","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydjZtLWNodnYtd214Z84AAWq1/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00NHZ2LW1tODYtN2NnNs4AAWq6","url":"https://github.com/advisories/GHSA-44vv-mm86-7cg6","title":"phpMyAdmin server-side request forgery (SSRF)","description":"The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T03:14:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.6,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-6621","https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","https://www.phpmyadmin.net/security/PMASA-2016-44","https://github.com/advisories/GHSA-44vv-mm86-7cg6"],"source_kind":"github","identifiers":["GHSA-44vv-mm86-7cg6","CVE-2016-6621"],"repository_url":null,"blast_radius":0.0,"created_at":"2025-04-21T23:07:56.732Z","updated_at":"2026-04-04T19:03:27.277Z","epss_percentage":0.00389,"epss_percentile":0.59526,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NHZ2LW1tODYtN2NnNs4AAWq6","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00NHZ2LW1tODYtN2NnNs4AAWq6","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.19","vulnerable_version_range":"\u003c 4.0.10.19"},{"first_patched_version":"4.4.15.10","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.10"},{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NHZ2LW1tODYtN2NnNs4AAWq6/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12eGo2LXBtNnItMjNocc4AAWhg","url":"https://github.com/advisories/GHSA-vxj6-pm6r-23hq","title":"phpMyAdmin XSS Vulnerability","description":"An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T03:08:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-12581","https://www.phpmyadmin.net/security/PMASA-2018-3/","https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e","https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/104530","https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/1041187","https://github.com/advisories/GHSA-vxj6-pm6r-23hq"],"source_kind":"github","identifiers":["GHSA-vxj6-pm6r-23hq","CVE-2018-12581"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-07-25T22:03:39.408Z","updated_at":"2026-04-04T19:09:38.016Z","epss_percentage":0.0062,"epss_percentile":0.69642,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12eGo2LXBtNnItMjNocc4AAWhg","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12eGo2LXBtNnItMjNocc4AAWhg","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.2","vulnerable_version_range":"\u003c 4.8.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12eGo2LXBtNnItMjNocc4AAWhg/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12cWNtLXI2MnctdzQzN84AAWL3","url":"https://github.com/advisories/GHSA-vqcm-r62w-w437","title":"phpMyAdmin remote variable manipulation","description":"`libraries/auth/swekey/swekey.auth.lib.php` in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the `SESSION` superglobal array via a crafted request, related to a \"remote variable manipulation vulnerability.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:55:16.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-2505","http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","http://securityreason.com/securityalert/8306","http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/","http://www.debian.org/security/2011/dsa-2286","http://www.exploit-db.com/exploits/17514/","http://www.openwall.com/lists/oss-security/2011/06/28/2","http://www.openwall.com/lists/oss-security/2011/06/28/6","http://www.openwall.com/lists/oss-security/2011/06/28/8","http://www.openwall.com/lists/oss-security/2011/06/29/11","http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php","https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967","https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54","https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967","https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded","https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","https://github.com/advisories/GHSA-vqcm-r62w-w437"],"source_kind":"github","identifiers":["GHSA-vqcm-r62w-w437","CVE-2011-2505"],"repository_url":"https://github.com/phpmyadmin/composer","blast_radius":0.0,"created_at":"2024-01-15T18:05:57.528Z","updated_at":"2026-04-04T19:07:29.474Z","epss_percentage":0.37008,"epss_percentile":0.97113,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cWNtLXI2MnctdzQzN84AAWL3","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12cWNtLXI2MnctdzQzN84AAWL3","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.3.10.2","vulnerable_version_range":"\u003e= 3.0, \u003c 3.3.10.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cWNtLXI2MnctdzQzN84AAWL3/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xNnZ3LTM5Y2ctd2pqZs4AAWL8","url":"https://github.com/advisories/GHSA-q6vw-39cg-wjjf","title":"phpMyAdmin Directory Traversal vulnerability","description":"Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta-\u003ename][transformation] parameter.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T02:55:16.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.4,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","references":["https://nvd.nist.gov/vuln/detail/CVE-2011-2508","http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7","http://www.debian.org/security/2011/dsa-2286","http://www.mandriva.com/security/advisories?name=MDVSA-2011:124","http://www.openwall.com/lists/oss-security/2011/06/28/2","http://www.openwall.com/lists/oss-security/2011/06/28/6","http://www.openwall.com/lists/oss-security/2011/06/28/8","http://www.openwall.com/lists/oss-security/2011/06/29/11","http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7","https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","https://web.archive.org/web/20111109175131/http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008","https://web.archive.org/web/20111217070727/http://www.securityfocus.com/archive/1/518804/100/0/threaded","https://web.archive.org/web/20111217173735/http://securityreason.com/securityalert/8306","https://web.archive.org/web/20250218012437/http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","https://github.com/advisories/GHSA-q6vw-39cg-wjjf"],"source_kind":"github","identifiers":["GHSA-q6vw-39cg-wjjf","CVE-2011-2508"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":8.703075317012042,"created_at":"2025-04-12T02:07:45.020Z","updated_at":"2026-04-04T19:03:31.471Z","epss_percentage":0.11174,"epss_percentile":0.92858,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNnZ3LTM5Y2ctd2pqZs4AAWL8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xNnZ3LTM5Y2ctd2pqZs4AAWL8","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.3.1","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.3.1"},{"first_patched_version":"3.3.10.2","vulnerable_version_range":"\u003e= 3.3.0, \u003c 3.3.10.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNnZ3LTM5Y2ctd2pqZs4AAWL8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wNmg3LTI5cjItZzg4Zs4AAWMM","url":"https://github.com/advisories/GHSA-p6h7-29r2-g88f","title":"phpMyAdmin vulnerable to static code injection","description":"`setup/lib/ConfigGenerator.class.php` in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T02:55:16.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-2506","http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html","http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html","http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f","http://securityreason.com/securityalert/8306","http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/","http://www.debian.org/security/2011/dsa-2286","http://www.exploit-db.com/exploits/17514/","http://www.openwall.com/lists/oss-security/2011/06/28/2","http://www.openwall.com/lists/oss-security/2011/06/28/6","http://www.openwall.com/lists/oss-security/2011/06/28/8","http://www.openwall.com/lists/oss-security/2011/06/29/11","http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php","https://github.com/phpmyadmin/phpmyadmin/commit/0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f","https://github.com/phpmyadmin/phpmyadmin/commit/2e01647949df937040e73a94ce0bac0daecbdcf4","https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt","https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded","https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124","https://github.com/advisories/GHSA-p6h7-29r2-g88f"],"source_kind":"github","identifiers":["GHSA-p6h7-29r2-g88f","CVE-2011-2506"],"repository_url":"https://sourceforge.net/projects/phpmyadmin.sourceforge.net","blast_radius":0.0,"created_at":"2024-01-15T18:05:57.567Z","updated_at":"2026-04-04T19:07:29.475Z","epss_percentage":0.33677,"epss_percentile":0.96899,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNmg3LTI5cjItZzg4Zs4AAWMM","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wNmg3LTI5cjItZzg4Zs4AAWMM","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"3.4.3.1","vulnerable_version_range":"\u003e= 3.4, \u003c 3.4.3.1"},{"first_patched_version":"3.3.10.2","vulnerable_version_range":"\u003e= 3.0, \u003c 3.3.10.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNmg3LTI5cjItZzg4Zs4AAWMM/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jOTU4LTRqOXgtcTd3NM4AAVTj","url":"https://github.com/advisories/GHSA-c958-4j9x-q7w4","title":"phpMyAdmin Cross-site Scripting (XSS) in the import dialog","description":"An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:18:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-15605","https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1","http://www.securityfocus.com/bid/105168","http://www.securitytracker.com/id/1041548","https://www.phpmyadmin.net/security/PMASA-2018-5","https://github.com/advisories/GHSA-c958-4j9x-q7w4"],"source_kind":"github","identifiers":["GHSA-c958-4j9x-q7w4","CVE-2018-15605"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T19:05:09.887Z","updated_at":"2026-04-04T19:06:12.215Z","epss_percentage":0.00675,"epss_percentile":0.70821,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOTU4LTRqOXgtcTd3NM4AAVTj","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jOTU4LTRqOXgtcTd3NM4AAVTj","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.3","vulnerable_version_range":"\u003c 4.8.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOTU4LTRqOXgtcTd3NM4AAVTj/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR","url":"https://github.com/advisories/GHSA-6wfj-2mw7-p5cg","title":"phpMyAdmin micro history Implementation XSS Vulnerability","description":"Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:09:44.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2014-6300","https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac","https://security.gentoo.org/glsa/201505-03","http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html","http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php","https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790","https://github.com/advisories/GHSA-6wfj-2mw7-p5cg"],"source_kind":"github","identifiers":["GHSA-6wfj-2mw7-p5cg","CVE-2014-6300"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-15T23:05:02.201Z","updated_at":"2026-04-04T19:09:29.490Z","epss_percentage":0.00273,"epss_percentile":0.50506,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.2.8.1","vulnerable_version_range":"\u003e= 4.2.0, \u003c 4.2.8.1"},{"first_patched_version":"4.1.14.4","vulnerable_version_range":"\u003e= 4.1.0, \u003c 4.1.14.4"},{"first_patched_version":"4.0.10.3","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jcjY1LXA2NjItZng1Y84AAVET","url":"https://github.com/advisories/GHSA-cr65-p662-fx5c","title":"phpMyAdmin vulnerable to Cross-site Scripting","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5733","https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20f463cc2651f5","https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354acf8581987fc5a","https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a7240437f28436c","https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b80579b225b322","https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c7d647823ea8b","https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bfff7463c2cefc","https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049902d18b60865","https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c121f078df2d88","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.debian.org/security/2016/dsa-3627","https://www.phpmyadmin.net/security/PMASA-2016-26","https://web.archive.org/web/20200227223017/http://www.securityfocus.com/bid/91390","https://github.com/advisories/GHSA-cr65-p662-fx5c"],"source_kind":"github","identifiers":["GHSA-cr65-p662-fx5c","CVE-2016-5733"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2025-04-14T22:08:30.910Z","updated_at":"2026-04-04T19:03:29.989Z","epss_percentage":0.01085,"epss_percentile":0.77663,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcjY1LXA2NjItZng1Y84AAVET","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jcjY1LXA2NjItZng1Y84AAVET","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4.15.0, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0.10.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcjY1LXA2NjItZng1Y84AAVET/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1td204LTM2YzUtajVjZs4AAVEP","url":"https://github.com/advisories/GHSA-mwm8-36c5-j5cf","title":"phpMyAdmin Cross-site scripting (XSS) vulnerability","description":"Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5731","https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c","https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.debian.org/security/2016/dsa-3627","https://github.com/phpmyadmin/phpmyadmin/commit/52e7898","https://github.com/phpmyadmin/phpmyadmin/commit/5fefa51","https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54","https://github.com/phpmyadmin/phpmyadmin/commit/d005ba6","https://www.phpmyadmin.net/security/PMASA-2016-24","https://github.com/advisories/GHSA-mwm8-36c5-j5cf"],"source_kind":"github","identifiers":["GHSA-mwm8-36c5-j5cf","CVE-2016-5731"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.355Z","updated_at":"2026-04-04T19:06:13.929Z","epss_percentage":0.00424,"epss_percentile":0.61596,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1td204LTM2YzUtajVjZs4AAVEP","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1td204LTM2YzUtajVjZs4AAVEP","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1td204LTM2YzUtajVjZs4AAVEP/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES","url":"https://github.com/advisories/GHSA-wm9c-vcv2-vpqc","title":"phpMyAdmin full path disclosure vulnerability","description":"phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5730","https://github.com/phpmyadmin/phpmyadmin/commit/27664605b945b13e1d2b71adea822ace2099cc96","https://github.com/phpmyadmin/phpmyadmin/commit/331c560fbfa0e7d2dce674b5e88e983c5f2a451d","https://github.com/phpmyadmin/phpmyadmin/commit/96e0aa35653ec0c66084a7e9343465e16c1f769b","https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7","https://github.com/phpmyadmin/phpmyadmin/commit/cd229d718e8cb4bc8ba32446beaa82d27727b6f0","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.securityfocus.com/bid/91379","https://www.phpmyadmin.net/security/PMASA-2016-23","https://github.com/advisories/GHSA-wm9c-vcv2-vpqc"],"source_kind":"github","identifiers":["GHSA-wm9c-vcv2-vpqc","CVE-2016-5730"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T18:05:06.327Z","updated_at":"2026-04-04T19:06:13.920Z","epss_percentage":0.01317,"epss_percentile":0.79503,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yaDc0LTU4MzUtanB4cM4AAVEN","url":"https://github.com/advisories/GHSA-rh74-5835-jpxp","title":"phpMyAdmin vulnerable to Cross-site Scripting","description":"setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5701","https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.debian.org/security/2016/dsa-3627","https://www.phpmyadmin.net/security/PMASA-2016-17","https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d","https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e","https://web.archive.org/web/20200227223408/http://www.securityfocus.com/bid/91383","https://github.com/advisories/GHSA-rh74-5835-jpxp"],"source_kind":"github","identifiers":["GHSA-rh74-5835-jpxp","CVE-2016-5701"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2025-04-14T22:08:30.991Z","updated_at":"2026-04-04T19:03:29.991Z","epss_percentage":0.00459,"epss_percentile":0.6351,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yaDc0LTU4MzUtanB4cM4AAVEN","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yaDc0LTU4MzUtanB4cM4AAVEN","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4.15.0, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0.10.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yaDc0LTU4MzUtanB4cM4AAVEN/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02cTJqLThoOHEtNDZtcs4AAVEO","url":"https://github.com/advisories/GHSA-6q2j-8h8q-46mr","title":"phpMyAdmin vulnerable to Cross-site Scripting","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an \"invalid JSON\" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5705","https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8","https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2d4c49a1b09fc","https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8bc0e04a3ca98","https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94f882847c6a6f","https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b7e1f6f29860a","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.debian.org/security/2016/dsa-3627","https://www.phpmyadmin.net/security/PMASA-2016-21","https://web.archive.org/web/20200227223416/http://www.securityfocus.com/bid/91378","https://github.com/advisories/GHSA-6q2j-8h8q-46mr"],"source_kind":"github","identifiers":["GHSA-6q2j-8h8q-46mr","CVE-2016-5705"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2025-04-14T22:08:30.949Z","updated_at":"2026-04-04T19:03:29.990Z","epss_percentage":0.00605,"epss_percentile":0.69523,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cTJqLThoOHEtNDZtcs4AAVEO","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02cTJqLThoOHEtNDZtcs4AAVEO","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.7"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cTJqLThoOHEtNDZtcs4AAVEO/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0ycDd2LWptOG0tZzNxcc4AAVEQ","url":"https://github.com/advisories/GHSA-2p7v-jm8m-g3qq","title":"phpMyAdmin vulnerable to Cross-Site Request Forgery","description":"The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T02:08:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5739","https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05","https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.debian.org/security/2016/dsa-3627","https://www.phpmyadmin.net/security/PMASA-2016-28","https://web.archive.org/web/20200227223419/http://www.securityfocus.com/bid/91389","https://github.com/advisories/GHSA-2p7v-jm8m-g3qq"],"source_kind":"github","identifiers":["GHSA-2p7v-jm8m-g3qq","CVE-2016-5739"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2025-04-14T22:08:30.875Z","updated_at":"2026-04-04T19:03:29.988Z","epss_percentage":0.00919,"epss_percentile":0.75503,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycDd2LWptOG0tZzNxcc4AAVEQ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0ycDd2LWptOG0tZzNxcc4AAVEQ","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4.15.0, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0.10.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycDd2LWptOG0tZzNxcc4AAVEQ/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05cm1tLThmcDQtMjZods4AAVEI","url":"https://github.com/advisories/GHSA-9rmm-8fp4-26hv","title":"phpMyAdmin Denial Of Service (DOS) attack","description":"js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T02:08:57.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-5706","https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6","https://security.gentoo.org/glsa/201701-32","http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html","http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html","http://www.debian.org/security/2016/dsa-3627","http://www.securityfocus.com/bid/91376","https://www.phpmyadmin.net/security/PMASA-2016-22","https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df","https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1","https://github.com/advisories/GHSA-9rmm-8fp4-26hv"],"source_kind":"github","identifiers":["GHSA-9rmm-8fp4-26hv","CVE-2016-5706"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T19:05:09.861Z","updated_at":"2026-04-04T19:06:12.214Z","epss_percentage":0.02778,"epss_percentile":0.85621,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cm1tLThmcDQtMjZods4AAVEI","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05cm1tLThmcDQtMjZods4AAVEI","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.3"},{"first_patched_version":"4.4.15.7","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.7"},{"first_patched_version":"4.0.10.16","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.16"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cm1tLThmcDQtMjZods4AAVEI/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wdzM0LXFmNmMtODRmY84AAVDw","url":"https://github.com/advisories/GHSA-pw34-qf6c-84fc","title":"phpMyAdmin XSS Vulnerability","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:08:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-2040","https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7ae41c32a7dbc","https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a6399ca1742f2","https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b8666ef46c296418","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","http://www.debian.org/security/2016/dsa-3627","http://www.phpmyadmin.net/home_page/security/PMASA-2016-3.php","https://github.com/advisories/GHSA-pw34-qf6c-84fc"],"source_kind":"github","identifiers":["GHSA-pw34-qf6c-84fc","CVE-2016-2040"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-07-28T21:03:41.870Z","updated_at":"2026-04-04T19:08:55.217Z","epss_percentage":0.00493,"epss_percentile":0.65518,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wdzM0LXFmNmMtODRmY84AAVDw","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wdzM0LXFmNmMtODRmY84AAVDw","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.5.4","vulnerable_version_range":"\u003e= 4.5, \u003c 4.5.4"},{"first_patched_version":"4.4.15.3","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.3"},{"first_patched_version":"4.0.10.13","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.13"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wdzM0LXFmNmMtODRmY84AAVDw/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04bTk3LXhjNDYtcnc5d84AAVDh","url":"https://github.com/advisories/GHSA-8m97-xc46-rw9w","title":"phpMyAdmin Unsafe comparison of XSRF/CSRF token","description":"libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T02:08:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-2041","https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953f4ec385a3e49","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html","http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html","http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html","http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html","http://www.debian.org/security/2016/dsa-3627","http://www.phpmyadmin.net/home_page/security/PMASA-2016-5.php","https://github.com/advisories/GHSA-8m97-xc46-rw9w"],"source_kind":"github","identifiers":["GHSA-8m97-xc46-rw9w","CVE-2016-2041"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T19:05:09.834Z","updated_at":"2026-04-04T19:06:12.214Z","epss_percentage":0.01029,"epss_percentile":0.76775,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04bTk3LXhjNDYtcnc5d84AAVDh","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04bTk3LXhjNDYtcnc5d84AAVDh","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.5.4","vulnerable_version_range":"\u003e= 4.5, \u003c 4.5.4"},{"first_patched_version":"4.4.15.3","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.3"},{"first_patched_version":"4.0.10.13","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.13"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04bTk3LXhjNDYtcnc5d84AAVDh/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wdnI1LTg0Z3ItZzk4Nc4AAU_A","url":"https://github.com/advisories/GHSA-pvr5-84gr-g985","title":"phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page","description":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the `libraries/DatabaseInterface.class.php` code for SQL debug output and the `js/server_status_monitor.js` code for the server monitor page.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T02:05:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2014-8326","https://github.com/phpmyadmin/phpmyadmin/commit/7b8962dede7631298c81e2c1cd267b81f1e08a8c","https://github.com/phpmyadmin/phpmyadmin/commit/bd68c54d1beeef79d237e8bfda44690834012a76","http://lists.opensuse.org/opensuse-updates/2014-11/msg00004.html","http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php","https://web.archive.org/web/20200228163625/http://www.securityfocus.com/bid/70731","https://github.com/advisories/GHSA-pvr5-84gr-g985"],"source_kind":"github","identifiers":["GHSA-pvr5-84gr-g985","CVE-2014-8326"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-15T23:05:02.176Z","updated_at":"2026-04-04T19:09:29.488Z","epss_percentage":0.00269,"epss_percentile":0.50174,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wdnI1LTg0Z3ItZzk4Nc4AAU_A","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wdnI1LTg0Z3ItZzk4Nc4AAU_A","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.2.10.1","vulnerable_version_range":"\u003e= 4.2.0, \u003c 4.2.10.1"},{"first_patched_version":"4.1.14.6","vulnerable_version_range":"\u003e= 4.1.0, \u003c 4.1.14.6"},{"first_patched_version":"4.0.10.5","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wdnI1LTg0Z3ItZzk4Nc4AAU_A/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C","url":"https://github.com/advisories/GHSA-q586-xpwr-jc3j","title":"phpMyAdmin cross-site scripting vulnerability in crafted view name","description":"A cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to `js/functions.js`.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-05-14T02:05:29.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2014-5274","https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f","http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html","http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php","https://github.com/advisories/GHSA-q586-xpwr-jc3j"],"source_kind":"github","identifiers":["GHSA-q586-xpwr-jc3j","CVE-2014-5274"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2023-08-16T23:05:12.037Z","updated_at":"2026-04-04T19:09:27.233Z","epss_percentage":0.00219,"epss_percentile":0.44504,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.2.7.1","vulnerable_version_range":"\u003e= 4.2.0, \u003c 4.2.7.1"},{"first_patched_version":"4.1.14.3","vulnerable_version_range":"\u003e= 4.1.0, \u003c 4.1.14.3"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mNzMyLWZ4aDYtZzRxas4AAUU4","url":"https://github.com/advisories/GHSA-f732-fxh6-g4qj","title":"phpMyAdmin SQL injection in Designer feature","description":"An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-14T01:38:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-6798","http://www.securityfocus.com/bid/106727","https://www.phpmyadmin.net/security/PMASA-2019-2","https://github.com/advisories/GHSA-f732-fxh6-g4qj"],"source_kind":"github","identifiers":["GHSA-f732-fxh6-g4qj","CVE-2019-6798"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.808Z","updated_at":"2026-04-04T19:06:12.213Z","epss_percentage":0.00538,"epss_percentile":0.6751,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNzMyLWZ4aDYtZzRxas4AAUU4","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mNzMyLWZ4aDYtZzRxas4AAUU4","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.5","vulnerable_version_range":"\u003c 4.8.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNzMyLWZ4aDYtZzRxas4AAUU4/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01aDVtLWZqNDgtcXBqd84AAT15","url":"https://github.com/advisories/GHSA-5h5m-fj48-qpjw","title":"phpMyAdmin Open Redirect","description":"phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:19:05.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000013","https://www.phpmyadmin.net/security/PMASA-2017-1","https://web.archive.org/web/20210123220100/http://www.securityfocus.com/bid/95720","https://github.com/advisories/GHSA-5h5m-fj48-qpjw"],"source_kind":"github","identifiers":["GHSA-5h5m-fj48-qpjw","CVE-2017-1000013"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-26T21:03:40.617Z","updated_at":"2026-04-04T19:08:55.225Z","epss_percentage":0.00239,"epss_percentile":0.4695,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01aDVtLWZqNDgtcXBqd84AAT15","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01aDVtLWZqNDgtcXBqd84AAT15","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.19","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.19"},{"first_patched_version":"4.4.15.10","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.10"},{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01aDVtLWZqNDgtcXBqd84AAT15/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05aHJjLXJ3cnEtdjZtaM4AAT13","url":"https://github.com/advisories/GHSA-9hrc-rwrq-v6mh","title":"phpMyAdmin DoS Vulnerability","description":"phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T01:19:05.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000014","https://www.phpmyadmin.net/security/PMASA-2017-3","https://web.archive.org/web/20210123220105/http://www.securityfocus.com/bid/95721","https://github.com/advisories/GHSA-9hrc-rwrq-v6mh"],"source_kind":"github","identifiers":["GHSA-9hrc-rwrq-v6mh","CVE-2017-1000014"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-26T21:03:40.597Z","updated_at":"2026-04-04T19:08:55.224Z","epss_percentage":0.01144,"epss_percentile":0.77831,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05aHJjLXJ3cnEtdjZtaM4AAT13","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05aHJjLXJ3cnEtdjZtaM4AAT13","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.19","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.19"},{"first_patched_version":"4.4.15.10","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.10"},{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05aHJjLXJ3cnEtdjZtaM4AAT13/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00N3FyLWY4NmYtM3dtNM4AAT06","url":"https://github.com/advisories/GHSA-47qr-f86f-3wm4","title":"phpMyAdmin DoS Vulnerability","description":"phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T01:18:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000018","https://www.phpmyadmin.net/security/PMASA-2017-7","https://web.archive.org/web/20210123220317/http://www.securityfocus.com/bid/95738","https://github.com/advisories/GHSA-47qr-f86f-3wm4"],"source_kind":"github","identifiers":["GHSA-47qr-f86f-3wm4","CVE-2017-1000018"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-26T20:03:42.683Z","updated_at":"2026-04-04T19:08:55.218Z","epss_percentage":0.01295,"epss_percentile":0.79502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00N3FyLWY4NmYtM3dtNM4AAT06","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00N3FyLWY4NmYtM3dtNM4AAT06","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.19","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.19"},{"first_patched_version":"4.4.15.10","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.10"},{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00N3FyLWY4NmYtM3dtNM4AAT06/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zZmdxLWNtcjQtOTdycs4AAT05","url":"https://github.com/advisories/GHSA-3fgq-cmr4-97rr","title":"phpMyAdmin CSS Injection Vulnerability","description":"phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:18:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000015","https://www.phpmyadmin.net/security/PMASA-2017-4","https://web.archive.org/web/20210123220229/http://www.securityfocus.com/bid/95726","https://github.com/advisories/GHSA-3fgq-cmr4-97rr"],"source_kind":"github","identifiers":["GHSA-3fgq-cmr4-97rr","CVE-2017-1000015"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-26T21:03:40.533Z","updated_at":"2026-04-04T19:08:15.360Z","epss_percentage":0.00557,"epss_percentile":0.67507,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZmdxLWNtcjQtOTdycs4AAT05","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zZmdxLWNtcjQtOTdycs4AAT05","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.19","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.10.19"},{"first_patched_version":"4.4.15.10","vulnerable_version_range":"\u003e= 4.4.0, \u003c 4.4.15.10"},{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6.0, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZmdxLWNtcjQtOTdycs4AAT05/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05OXhqLXhxYzktOThocs4AATw2","url":"https://github.com/advisories/GHSA-99xj-xqc9-98hr","title":"phpMyAdmin SSRF in replication","description":"phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T01:15:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000017","https://www.phpmyadmin.net/security/PMASA-2017-6","http://www.securityfocus.com/bid/95732","https://github.com/advisories/GHSA-99xj-xqc9-98hr"],"source_kind":"github","identifiers":["GHSA-99xj-xqc9-98hr","CVE-2017-1000017"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.381Z","updated_at":"2026-04-04T19:06:13.935Z","epss_percentage":0.0092,"epss_percentile":0.7551,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OXhqLXhxYzktOThocs4AATw2","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05OXhqLXhxYzktOThocs4AATw2","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.0.10.19","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.19"},{"first_patched_version":"4.4.15.10","vulnerable_version_range":"\u003e= 4.4, \u003c 4.4.15.10"},{"first_patched_version":"4.6.6","vulnerable_version_range":"\u003e= 4.6, \u003c 4.6.6"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OXhqLXhxYzktOThocs4AATw2/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04OTg3LTkzZmgtcmN3cc4AATl_","url":"https://github.com/advisories/GHSA-8987-93fh-rcwq","title":"phpMyAdmin Cross-site Scripting (XSS) vulnerability","description":"In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:09:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-19970","https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html","https://security.gentoo.org/glsa/201904-16","http://www.securityfocus.com/bid/106181","https://www.phpmyadmin.net/security/PMASA-2018-8","https://github.com/advisories/GHSA-8987-93fh-rcwq"],"source_kind":"github","identifiers":["GHSA-8987-93fh-rcwq","CVE-2018-19970"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-05-04T06:05:20.070Z","updated_at":"2026-04-04T19:06:13.940Z","epss_percentage":0.01501,"epss_percentile":0.80705,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04OTg3LTkzZmgtcmN3cc4AATl_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04OTg3LTkzZmgtcmN3cc4AATl_","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.4","vulnerable_version_range":"\u003e= 4.0, \u003c 4.8.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04OTg3LTkzZmgtcmN3cc4AATl_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-","url":"https://github.com/advisories/GHSA-xwf2-53mc-r8hx","title":"phpMyAdmin CSRF Vulnerability","description":"phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T01:09:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-19969","https://security.gentoo.org/glsa/201904-16","https://www.phpmyadmin.net/security/PMASA-2018-7/","https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/106175/","https://github.com/advisories/GHSA-xwf2-53mc-r8hx"],"source_kind":"github","identifiers":["GHSA-xwf2-53mc-r8hx","CVE-2018-19969"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-24T20:03:49.253Z","updated_at":"2026-04-04T19:09:39.537Z","epss_percentage":0.00458,"epss_percentile":0.63508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003e= 4.7, \u003c= 4.7.6"},{"first_patched_version":"4.8.4","vulnerable_version_range":"\u003e= 4.8, \u003c 4.8.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14Yzk3LXI0OXEtY3hnY84AATj3","url":"https://github.com/advisories/GHSA-xc97-r49q-cxgc","title":"phpMyAdmin Local file inclusion through transformation feature","description":"An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:07:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-19968","https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html","https://security.gentoo.org/glsa/201904-16","http://www.securityfocus.com/bid/106178","https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732","https://www.phpmyadmin.net/security/PMASA-2018-6","https://github.com/advisories/GHSA-xc97-r49q-cxgc"],"source_kind":"github","identifiers":["GHSA-xc97-r49q-cxgc","CVE-2018-19968"],"repository_url":"https://github.com/phpmyadmin/phpmyadmin","blast_radius":0.0,"created_at":"2024-04-24T19:05:09.780Z","updated_at":"2026-04-04T19:06:12.212Z","epss_percentage":0.02543,"epss_percentile":0.85048,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzk3LXI0OXEtY3hnY84AATj3","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14Yzk3LXI0OXEtY3hnY84AATj3","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.4","vulnerable_version_range":"\u003c 4.8.4"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzk3LXI0OXEtY3hnY84AATj3/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1mOWh4LTVqcTQtZmdqbc4AAThu","url":"https://github.com/advisories/GHSA-f9hx-5jq4-fgjm","title":"phpMyAdmin CSRF Vulnerability","description":"phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-14T01:05:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-1000499","https://www.exploit-db.com/exploits/45284/","https://www.phpmyadmin.net/security/PMASA-2017-9/","http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/","https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163","https://github.com/advisories/GHSA-f9hx-5jq4-fgjm"],"source_kind":"github","identifiers":["GHSA-f9hx-5jq4-fgjm","CVE-2017-1000499"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-07-26T22:03:42.566Z","updated_at":"2026-04-04T19:08:55.225Z","epss_percentage":0.11439,"epss_percentile":0.93507,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOWh4LTVqcTQtZmdqbc4AAThu","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mOWh4LTVqcTQtZmdqbc4AAThu","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.7.7","vulnerable_version_range":"\u003e= 4.7, \u003c 4.7.7"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mOWh4LTVqcTQtZmdqbc4AAThu/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01ODY4LWc1OGotdnJqNc4AASLm","url":"https://github.com/advisories/GHSA-5868-g58j-vrj5","title":"phpMyAdmin Improper Privilege Management","description":"An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-13T01:44:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-18264","https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","http://www.securityfocus.com/bid/97211","https://www.phpmyadmin.net/security/PMASA-2017-8","https://github.com/advisories/GHSA-5868-g58j-vrj5"],"source_kind":"github","identifiers":["GHSA-5868-g58j-vrj5","CVE-2017-18264"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.739Z","updated_at":"2026-04-04T19:06:12.211Z","epss_percentage":0.00305,"epss_percentile":0.53529,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01ODY4LWc1OGotdnJqNc4AASLm","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01ODY4LWc1OGotdnJqNc4AASLm","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003e= 4.6.0, \u003c= 4.6.6"},{"first_patched_version":null,"vulnerable_version_range":"\u003e= 4.4.0, \u003c= 4.4.15.10"},{"first_patched_version":"4.7.0","vulnerable_version_range":"\u003e= 4.7.0-beta1, \u003c 4.7.0"},{"first_patched_version":"4.0.10.20","vulnerable_version_range":"\u003e= 4.0, \u003c 4.0.10.20"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01ODY4LWc1OGotdnJqNc4AASLm/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jOHdqLXEzNnEtM3dnNM4AAQK-","url":"https://github.com/advisories/GHSA-c8wj-q36q-3wg4","title":"phpMyAdmin Arbitrary file read vulnerability","description":"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-13T01:22:46.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-6799","https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html","http://www.securityfocus.com/bid/106736","https://www.phpmyadmin.net/security/PMASA-2019-1","https://github.com/advisories/GHSA-c8wj-q36q-3wg4"],"source_kind":"github","identifiers":["GHSA-c8wj-q36q-3wg4","CVE-2019-6799"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T19:05:09.712Z","updated_at":"2026-04-04T19:06:12.210Z","epss_percentage":0.7658,"epss_percentile":0.98914,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOHdqLXEzNnEtM3dnNM4AAQK-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jOHdqLXEzNnEtM3dnNM4AAQK-","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.5","vulnerable_version_range":"\u003e= 4.8, \u003c 4.8.5"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOHdqLXEzNnEtM3dnNM4AAQK-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14Mzk0LWc5ajgteDdtZs3rxA","url":"https://github.com/advisories/GHSA-x394-g9j8-x7mf","title":"phpMyAdmin Improper Authentication","description":"An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:05:22.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-12613","https://security.gentoo.org/glsa/201904-16","http://packetstormsecurity.com/files/164623/phpMyAdmin-4.8.1-Remote-Code-Execution.html","http://www.securityfocus.com/bid/104532","https://www.exploit-db.com/exploits/44924","https://www.exploit-db.com/exploits/44928","https://www.exploit-db.com/exploits/45020","https://www.phpmyadmin.net/security/PMASA-2018-4","https://github.com/advisories/GHSA-x394-g9j8-x7mf"],"source_kind":"github","identifiers":["GHSA-x394-g9j8-x7mf","CVE-2018-12613"],"repository_url":null,"blast_radius":0.0,"created_at":"2024-04-24T18:05:06.411Z","updated_at":"2026-04-04T19:06:13.947Z","epss_percentage":0.94281,"epss_percentile":0.99936,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mzk0LWc5ajgteDdtZs3rxA","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14Mzk0LWc5ajgteDdtZs3rxA","packages":[{"ecosystem":"packagist","package_name":"phpmyadmin/phpmyadmin","versions":[{"first_patched_version":"4.8.2","vulnerable_version_range":"\u003e= 4.8, \u003c 4.8.2"}],"purl":null}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mzk0LWc5ajgteDdtZs3rxA/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/packagist/phpmyadmin/phpmyadmin","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/packagist/phpmyadmin/phpmyadmin","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/packagist/phpmyadmin/phpmyadmin/dependencies","status":null,"funding_links":["https://www.phpmyadmin.net/donate/"],"critical":null,"issue_metadata":{"last_synced_at":"2025-11-23T00:16:18.763Z","issues_count":0,"pull_requests_count":11,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":8942161.363636363,"issues_closed_count":0,"pull_requests_closed_count":11,"pull_request_authors_count":1,"issue_authors_count":0,"avg_comments_per_issue":null,"avg_comments_per_pull_request":2.090909090909091,"merged_pull_requests_count":0,"bot_issues_count":0,"bot_pull_requests_count":11,"past_year_issues_count":0,"past_year_pull_requests_count":0,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":0,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/phpmyadmin%2Fcomposer/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/phpmyadmin%2Fphpmyadmin/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/phpmyadmin%2Fphpmyadmin/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/phpmyadmin%2Fphpmyadmin/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/phpmyadmin%2Fphpmyadmin/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/phpmyadmin%2Fphpmyadmin/codemeta","maintainers":[{"uuid":"phpmyadmin","login":"phpmyadmin","name":null,"email":null,"url":null,"packages_count":7,"html_url":"https://packagist.org/users/phpmyadmin","role":null,"created_at":"2022-11-20T07:26:21.565Z","updated_at":"2022-11-20T07:26:21.565Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers/phpmyadmin/packages"},{"uuid":"ibennetch","login":"ibennetch","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://packagist.org/users/ibennetch","role":null,"created_at":"2022-11-20T07:26:21.575Z","updated_at":"2022-11-20T07:26:21.575Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers/ibennetch/packages"},{"uuid":"nijel","login":"nijel","name":null,"email":null,"url":null,"packages_count":1,"html_url":"https://packagist.org/users/nijel","role":null,"created_at":"2022-11-20T07:26:21.551Z","updated_at":"2022-11-20T07:26:21.551Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers/nijel/packages"}]}