GHSA-567r-vqj7-5cw7

Опубликовано: 17 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

phpMyAdmin Authentication Bypass

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Ссылки

Пакеты

Наименование

phpmyadmin/phpmyadmin

composer

Затронутые версииВерсия исправления

>= 4.6, < 4.6.4

4.6.4

Наименование

phpmyadmin/phpmyadmin

composer

Затронутые версииВерсия исправления

>= 4.4, < 4.4.15.8

4.4.15.8

Наименование

phpmyadmin/phpmyadmin

composer

Затронутые версииВерсия исправления

>= 4.0, < 4.0.10.17

4.0.10.17

EPSS

Процентиль: 63%

0.00452

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2016-6629

Связанные уязвимости

CVE-2016-6629

CVSS3: 9.8

ubuntu

больше 8 лет назад

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.