First published: Sun Dec 11 2016(Updated: )
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
phpMyAdmin phpMyAdmin | =4.0.0 | |
phpMyAdmin phpMyAdmin | =4.0.1 | |
phpMyAdmin phpMyAdmin | =4.0.2 | |
phpMyAdmin phpMyAdmin | =4.0.3 | |
phpMyAdmin phpMyAdmin | =4.0.4 | |
phpMyAdmin phpMyAdmin | =4.0.4.1 | |
phpMyAdmin phpMyAdmin | =4.0.4.2 | |
phpMyAdmin phpMyAdmin | =4.0.5 | |
phpMyAdmin phpMyAdmin | =4.0.6 | |
phpMyAdmin phpMyAdmin | =4.0.7 | |
phpMyAdmin phpMyAdmin | =4.0.8 | |
phpMyAdmin phpMyAdmin | =4.0.9 | |
phpMyAdmin phpMyAdmin | =4.0.10 | |
phpMyAdmin phpMyAdmin | =4.0.10.1 | |
phpMyAdmin phpMyAdmin | =4.0.10.2 | |
phpMyAdmin phpMyAdmin | =4.0.10.3 | |
phpMyAdmin phpMyAdmin | =4.0.10.4 | |
phpMyAdmin phpMyAdmin | =4.0.10.5 | |
phpMyAdmin phpMyAdmin | =4.0.10.6 | |
phpMyAdmin phpMyAdmin | =4.0.10.7 | |
phpMyAdmin phpMyAdmin | =4.0.10.8 | |
phpMyAdmin phpMyAdmin | =4.0.10.9 | |
phpMyAdmin phpMyAdmin | =4.0.10.10 | |
phpMyAdmin phpMyAdmin | =4.0.10.11 | |
phpMyAdmin phpMyAdmin | =4.0.10.12 | |
phpMyAdmin phpMyAdmin | =4.0.10.13 | |
phpMyAdmin phpMyAdmin | =4.0.10.14 | |
phpMyAdmin phpMyAdmin | =4.0.10.15 | |
phpMyAdmin phpMyAdmin | =4.0.10.16 | |
phpMyAdmin phpMyAdmin | =4.0.10.17 | |
phpMyAdmin phpMyAdmin | =4.6.0 | |
phpMyAdmin phpMyAdmin | =4.6.1 | |
phpMyAdmin phpMyAdmin | =4.6.2 | |
phpMyAdmin phpMyAdmin | =4.6.3 | |
phpMyAdmin phpMyAdmin | =4.6.4 | |
phpMyAdmin phpMyAdmin | =4.4.0 | |
phpMyAdmin phpMyAdmin | =4.4.1 | |
phpMyAdmin phpMyAdmin | =4.4.1.1 | |
phpMyAdmin phpMyAdmin | =4.4.2 | |
phpMyAdmin phpMyAdmin | =4.4.3 | |
phpMyAdmin phpMyAdmin | =4.4.4 | |
phpMyAdmin phpMyAdmin | =4.4.5 | |
phpMyAdmin phpMyAdmin | =4.4.6 | |
phpMyAdmin phpMyAdmin | =4.4.6.1 | |
phpMyAdmin phpMyAdmin | =4.4.7 | |
phpMyAdmin phpMyAdmin | =4.4.8 | |
phpMyAdmin phpMyAdmin | =4.4.9 | |
phpMyAdmin phpMyAdmin | =4.4.10 | |
phpMyAdmin phpMyAdmin | =4.4.11 | |
phpMyAdmin phpMyAdmin | =4.4.12 | |
phpMyAdmin phpMyAdmin | =4.4.13 | |
phpMyAdmin phpMyAdmin | =4.4.13.1 | |
phpMyAdmin phpMyAdmin | =4.4.14 | |
phpMyAdmin phpMyAdmin | =4.4.14.1 | |
phpMyAdmin phpMyAdmin | =4.4.15 | |
phpMyAdmin phpMyAdmin | =4.4.15.1 | |
phpMyAdmin phpMyAdmin | =4.4.15.2 | |
phpMyAdmin phpMyAdmin | =4.4.15.3 | |
phpMyAdmin phpMyAdmin | =4.4.15.4 | |
phpMyAdmin phpMyAdmin | =4.4.15.5 | |
phpMyAdmin phpMyAdmin | =4.4.15.6 | |
phpMyAdmin phpMyAdmin | =4.4.15.7 | |
phpMyAdmin phpMyAdmin | =4.4.15.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.