Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain unrestricted read and write access to the entire Vvveb database, including administrator password hashes, customer personally identifiable information, and order data, enabling account takeover and data manipulation.

AI Analysis

Hard-coded credentials vulnerability allowing unauthenticated access to the phpMyAdmin container and Vvveb database

Basic Information

ID CVE-2026-41930

Source VulnCheck

Published May 6, 2026 at 18:37

Modified May 6, 2026 at 19:34

Affected Product

Vendor givanz

Product Vvveb

Affected Versions givanz Vvveb 0

CWE Classification

CWE-306

AI Assessment

AI Score 9.2 / 10

AI Severity Critical

Vendor givanz

Product Vvveb

Version < 1.0.8.2

References

{
    "lastseen": "",
    "description": "Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain unrestricted read and write access to the entire Vvveb database, including administrator password hashes, customer personally identifiable information, and order data, enabling account takeover and data manipulation.",
    "published": "2026-05-06T18:37:45.989Z",
    "modified": "2026-05-06T19:34:56.694Z",
    "type": "cve",
    "title": "Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin",
    "source": "VulnCheck",
    "references": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.2\nhttps://github.com/givanz/Vvveb/security/advisories/GHSA-g38h-mr9p-fjmf\nhttps://github.com/givanz/Vvveb/commit/f85ca7c2bc389bda3cc2eca87b2514581a628c32\nhttps://www.vulncheck.com/advisories/vvveb-hard-coded-credentials-information-disclosure-via-phpmyadmin",
    "id": "CVE-2026-41930",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "givanz Vvveb 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vvveb",
    "version": "0",
    "vendor": "givanz",
    "ai_description": "Hard-coded credentials vulnerability allowing unauthenticated access to the phpMyAdmin container and Vvveb database",
    "ai_severity": "Critical",
    "ai_vendor": "givanz",
    "ai_product": "Vvveb",
    "ai_version": "< 1.0.8.2",
    "ai_score": 9.2
}

Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin_CVE-2026-41930