[
  {
    "name": "phpMyAdmin",
    "url": "https://www.phpmyadmin.net/",
    "safe": "5.0.2",
    "old_safe": "4.9.5",
    "vuln": "CVE-2020-10803",
    "detection": [
      {
        "file": "Config.class.php",
        "variable": "PMA_VERSION",
        "subdir": 1,
        "note": "4.5.x and older"
      },
      {
        "file": "Config.php",
        "variable": "PMA_VERSION",
        "subdir": 1,
        "extra_match": "namespace PMA\\libraries;",
        "note": "4.6.x/4.7.x"
      },
      {
        "file": "Config.php",
        "variable": "PMA_VERSION",
        "subdir": 2,
        "extra_match": "namespace PhpMyAdmin;"
      }
    ]
  },
  {
    "name": "SquirrelMail",
    "url": "https://squirrelmail.org/",
    "safe": "1.4.22",
    "vuln": "CVE-2010-4554",
    "detection": [
      {
        "file": "strings.php",
        "variable": "$version",
        "subdir": 1,
        "extra_match": "SquirrelMail version number"
      }
    ]
  },
  {
    "name": "Mantis",
    "url": "https://mantisbt.org/",
    "safe": "2.24.1",
    "vuln": "https://www.mantisbt.org/bugs/view.php?id=26893",
    "detection": [
      {
        "file": "config_defaults_inc.php",
        "variable": "$g_mantis_version",
        "subdir": 0
      },
      {
        "file": "constant_inc.php",
        "variable": "MANTIS_VERSION",
        "subdir": 1
      }
    ]
  },
  {
    "name": "Bugzilla",
    "url": "https://www.bugzilla.org/",
    "safe": "5.0.4",
    "old_safe": "4.4.13",
    "vuln": "CVE-2018-5123",
    "detection": [
      {
        "file": "globals.pl",
        "variable": "$::param{'version'}",
        "subdir": 0,
        "note": "2.14.x and older"
      },
      {
        "file": "Config.pm",
        "variable": "$Bugzilla::Config::VERSION",
        "subdir": 1,
        "note": "2.16.x - 2.23.x"
      },
      {
        "file": "Constants.pm",
        "variable": "BUGZILLA_VERSION",
        "subdir": 1,
        "note": "3.x and newer"
      }
    ]
  },
  {
    "name": "SimpNews",
    "url": "https://web.archive.org/web/20110228171938/http://www.boesch-it.de/",
    "safe": "2.48",
    "vuln": "CVE-2010-2858",
    "detection": [
      {
        "file": "global.inc.php",
        "variable": "$version",
        "subdir": 1,
        "extra_match": "$path_simpnews"
      }
    ]
  },
  {
    "name": "calendarix",
    "url": "https://web.archive.org/web/20120430200920/http://www.calendarix.com/",
    "safe": "",
    "vuln": "CVE-2007-3183",
    "detection": [
      {
        "file": "cal_config.inc.php",
        "variable": "$version",
        "subdir": 0
      }
    ]
  },
  {
    "name": "myEvent",
    "url": "http://mywebland.com/",
    "safe": "",
    "vuln": "CVE-2007-0690",
    "detection": [
      {
        "file": "config.php",
        "variable": "$version",
        "subdir": 0,
        "extra_match": "$eventbgcolor"
      }
    ]
  },
  {
    "name": "php-stats",
    "url": "http://php-stats.com/",
    "safe": "",
    "vuln": "CVE-2007-5453",
    "detection": [
      {
        "file": "update.php",
        "variable": "$version",
        "subdir": 0,
        "extra_match": "http://php-stats.com/"
      }
    ]
  },
  {
    "name": "Ampache",
    "url": "http://ampache.org/",
    "safe": "4.0.0",
    "vuln": "CVE-2019-12385",
    "detection": [
      {
        "file": "init.php",
        "variable": "$results['version']",
        "subdir": 1,
        "extra_match": "$ampache_path"
      }
    ]
  },
  {
    "name": "SiteBar",
    "url": "https://sitebar.org/",
    "safe": "3.3.9",
    "vuln": "CVE-2007-5492",
    "detection": [
      {
        "file": "database.inc.php",
        "variable": "SB_CURRENT_RELEASE",
        "subdir": 1
      }
    ]
  },
  {
    "name": "phpPgAdmin",
    "url": "http://phppgadmin.sourceforge.net/",
    "safe": "5.0.4",
    "vuln": "CVE-2012-1600",
    "detection": [
      {
        "file": "lib.inc.php",
        "variable": "$appVersion",
        "subdir": 1,
        "extra_match": "phpPgAdmin"
      }
    ]
  },
  {
    "name": "FTP Admin",
    "url": "http://ftpadmin.sourceforge.net/",
    "safe": "",
    "vuln": "CVE-2007-6234",
    "detection": [
      {
        "file": "session_start.php",
        "variable": "VERSION",
        "subdir": 0,
        "extra_match": "define(\"TITLE\", \"FTP Admin\");"
      }
    ]
  },
  {
    "name": "RoundCube",
    "url": "https://roundcube.net",
    "safe": "1.4.7",
    "old_safe": "1.3.14,1.2.11",
    "latest": "1.4.7",
    "vuln": "https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12",
    "detection": [
      {
        "file": "index.php",
        "variable": "RCMAIL_VERSION",
        "subdir": 0
      },
      {
        "file": "iniset.php",
        "variable": "RCMAIL_VERSION",
        "subdir": 2
      }
    ]
  },
  {
    "name": "Moodle",
    "url": "https://moodle.org/",
    "safe": "3.9.1",
    "old_safe": "3.8.4,3.7.7,3.5.13",
    "vuln": "CVE-2020-14320",
    "detection": [
      {
        "file": "version.php",
        "variable": "$release",
        "subdir": 0,
        "extra_match": "MOODLE VERSION INFORMATION"
      }
    ]
  },
  {
    "name": "cacti",
    "url": "https://cacti.net/",
    "safe": "1.2.8",
    "vuln": "CVE-2019-17357",
    "detection": [
      {
        "file": "global.php",
        "variable": "$config[\"cacti_version\"]",
        "subdir": 1
      }
    ]
  },
  {
    "name": "gnopaste",
    "url": "http://gnopaste.sf.net/",
    "safe": "0.5.4",
    "vuln": "CVE-2006-2834",
    "detection": [
      {
        "file": "install.php",
        "variable": "$_SESSION['page_title'] = 'gnopaste",
        "subdir": 0
      }
    ]
  },
  {
    "name": "Flyspray",
    "url": "http://www.flyspray.org/",
    "safe": "0.9.9.7",
    "vuln": "CVE-2012-1058",
    "detection": [
      {
        "file": "class.flyspray.php",
        "variable": "var $version",
        "subdir": 1
      }
    ]
  },
  {
    "name": "phpMyID",
    "url": "http://siege.org/projects/phpMyID",
    "safe": "",
    "vuln": "CVE-2008-4730",
    "detection": [
      {
        "file": "MyID.php",
        "variable": "@version",
        "subdir": 0
      }
    ]
  },
  {
    "name": "phplist",
    "url": "https://www.phplist.org/",
    "safe": "3.5.1",
    "vuln": "CVE-2020-8547",
    "detection": [
      {
        "file": "connect.php",
        "variable": "define(\"VERSION\"",
        "subdir": 1
      },
      {
        "file": "init.php",
        "variable": "define(\"VERSION\"",
        "subdir": 1
      }
    ]
  },
  {
    "name": "Matomo",
    "url": "https://matomo.org/",
    "safe": "3.13.4",
    "vuln": "https://matomo.org/changelog/matomo-3-13-4/",
    "latest": "3.13.4",
    "detection": [
      {
        "file": "Version.php",
        "variable": "const VERSION",
        "subdir": 1,
        "extra_match": "@link https://matomo.org"
      },
      {
        "file": "Version.php",
        "variable": "const VERSION",
        "subdir": 1,
        "extra_match": "@link http://piwik.org",
        "note": "when it was called Piwik"
      }
    ]
  },
  {
    "name": "phpWishlist",
    "url": "http://phpwishlist.sourceforge.net/",
    "safe": "0.1.15",
    "vuln": "CVE-2005-2203",
    "detection": [
      {
        "file": "header.inc.php",
        "variable": "$version",
        "subdir": 1,
        "extra_match": "* Wishlist -"
      }
    ]
  },
  {
    "name": "awstats",
    "url": "https://awstats.sourceforge.io/",
    "safe": "7.7",
    "vuln": "CVE-2017-1000501",
    "detection": [
      {
        "file": "awstats.pl",
        "variable": "$VERSION  =",
        "subdir": 0
      }
    ]
  },
  {
    "name": "phpMyFAQ",
    "url": "https://www.phpmyfaq.de/",
    "safe": "2.9.11",
    "vuln": "CVE-2018-16650",
    "detection": [
      {
        "file": "phpmyfaq.spec",
        "variable": "version",
        "subdir": 1
      }
    ]
  },
  {
    "name": "Horde-webmail",
    "url": "http://www.horde.org/",
    "safe": "",
    "vuln": "CVE-2019-12094",
    "detection": [
      {
        "file": "bundle.php",
        "variable": "BUNDLE_VERSION",
        "subdir": 1,
        "extra_match": "'Horde Groupware Webmail Edition'"
      },
      {
        "file": "Bundle.php",
        "variable": "VERSION",
        "subdir": 1,
        "extra_match": "'Horde Groupware Webmail Edition'"
      }
    ]
  },
  {
    "name": "ResourceSpace",
    "url": "https://www.resourcespace.com/",
    "safe": "4.2.2833",
    "vuln": "CVE-2011-4311",
    "latest": "4.3.2912",
    "detection": [
      {
        "file": "version.php",
        "variable": "$productname='ResourceSpace';$productversion",
        "subdir": 1
      }
    ]
  },
  {
    "name": "apc.php",
    "url": "http://pecl.php.net/package/APC",
    "safe": "301867",
    "vuln": "CVE-2010-3294",
    "note": "this does not contain it's \"real\" version number, using the CVS id instead - there's been an XSS pre 3.1.4.",
    "detection": [
      {
        "file": "apc.php",
        "variable": "$VERSION='$Id: apc.php",
        "subdir": 0
      }
    ]
  },
  {
    "name": "webtrees",
    "url": "https://www.webtrees.net/",
    "safe": "1.2.4",
    "vuln": "CVE-2014-100006",
    "latest": "1.5.2",
    "detection": [
      {
        "file": "session.php",
        "variable": "define('WT_VERSION'",
        "subdir": 1
      }
    ]
  },
  {
    "name": "PhpGedView",
    "url": "http://phpgedview.sourceforge.net/",
    "safe": "4.2.4",
    "vuln": "CVE-2011-0405",
    "detection": [
      {
        "file": "session.php",
        "variable": "define('PGV_VERSION'",
        "subdir": 1
      }
    ]
  },
  {
    "name": "status.net",
    "url": "http://status.net",
    "safe": "0.9.9",
    "vuln": "CVE-2011-3370",
    "detection": [
      {
        "file": "common.php",
        "variable": "define('STATUSNET_BASE_VERSION'",
        "subdir": 1
      }
    ]
  },
  {
    "name": "limesurvey",
    "url": "https://www.limesurvey.org/",
    "safe": "4.1.15",
    "vuln": "https://www.limesurvey.org/limesurvey-updates/2234-limesurvey-4-1-15-build-200402-released",
    "detection": [
      {
        "file": "common.php",
        "variable": "$versionnumber",
        "subdir": 0,
        "extra_match": "LimeSurvey",
        "note": "1.8.x and earlier"
      },
      {
        "file": "version.php",
        "variable": "$versionnumber",
        "subdir": 0,
        "extra_match": "$dbversionnumber",
        "note": "1.9.x"
      },
      {
        "file": "version.php",
        "variable": "$config['versionnumber']",
        "subdir": 2,
        "extra_match": "LimeSurvey",
        "note": "2.x and above"
      }
    ]
  },
  {
    "name": "webcalendar",
    "url": "http://www.k5n.us/webcalendar.php",
    "safe": "1.2.7",
    "vuln": "CVE-2013-1422",
    "detection": [
      {
        "file": "config.php",
        "variable": "$PROGRAM_VERSION",
        "subdir": 1,
        "extra_match": "@package WebCalendar"
      }
    ]
  },
  {
    "name": "nextcloud",
    "url": "https://nextcloud.com",
    "safe": "19.0.1",
    "old_safe": "18.0.7,18.0.6",
    "vuln": "CVE-2020-8183",
    "detection": [
      {
        "file": "version.php",
        "variable": "$OC_VersionString",
        "subdir": 0,
        "extra_match": "$vendor = 'nextcloud';"
      }
    ]
  },
  {
    "name": "owncloud",
    "url": "https://owncloud.org/",
    "safe": "10.3.2",
    "latest": "10.4.0",
    "vuln": "https://owncloud.org/security/advisories/ssrf-in-add-to-your-owncloud-functionality/",
    "detection": [
      {
        "file": "util.php",
        "variable": "return '",
        "subdir": 1,
        "extra_match": "class OC_Util",
        "note": "5.x and earlier"
      },
      {
        "file": "version.php",
        "variable": "$OC_VersionString",
        "subdir": 0,
        "extra_nomatch": "nextcloud"
      }
    ]
  },
  {
    "name": "videodb",
    "url": "http://www.videodb.net/",
    "safe": "4.0",
    "vuln": "https://www.exploit-db.com/exploits/17660",
    "detection": [
      {
        "file": "constants.php",
        "variable": "('VERSION',",
        "subdir": 1,
        "extra_match": "TBL_"
      }
    ]
  },
  {
    "name": "OpenX",
    "url": "http://www.openx.com/",
    "safe": "",
    "vuln": "https://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/",
    "detection": [
      {
        "file": "constants.php",
        "variable": "OA_VERSION",
        "subdir": 0,
        "extra_match": "OpenX"
      }
    ]
  },
  {
    "name": "revive",
    "url": "http://www.revive-adserver.com/",
    "safe": "3.0.5",
    "vuln": "CVE-2013-5954",
    "detection": [
      {
        "file": "constants.php",
        "variable": "VERSION",
        "subdir": 0,
        "extra_match": "Revive Adserver"
      }
    ]
  },
  {
    "name": "osTicket",
    "url": "https://osticket.com/",
    "safe": "1.12.1",
    "old_safe": "1.10.7",
    "vuln": "CVE-2019-14750",
    "latest": "1.14.1",
    "detection": [
      {
        "file": "bootstrap.php",
        "variable": "define('THIS_VERSION',",
        "subdir": 0
      }
    ]
  },
  {
    "name": "Gitlist",
    "url": "https://gitlist.org/",
    "safe": "0.7.0",
    "vuln": "CVE-2018-1000533",
    "latest": "1.0.2",
    "detection": [
      {
        "file": "footer.twig",
        "variable": "Powered by",
        "subdir": 3
      }
    ]
  },
  {
    "name": "reveal.js",
    "url": "https://revealjs.com/",
    "safe": "3.9.2",
    "vuln": "CVE-2020-8127",
    "latest": "3.9.2",
    "detection": [
      {
        "file": "reveal.js",
        "variable": "var VERSION",
        "subdir": 1
      }
    ]
  }
]