An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03cmY4LTlyOGYtcWY1Oc4AAcvl

Severity: Moderate
EPSS: 0.00278% (0.5093 Percentile)

phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser

Affected Package: packagist:phpmyadmin/phpmyadmin
Affected Versions: >= 4.5, < 4.5.5.1
Fixed Versions: 4.5.5.1
4 Dependent packages
15 Dependent repositories
353,741 Downloads total

Affected Version Ranges

All affected versions

4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1, 5.2.2

All unaffected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10

Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.
