Описание
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4:4.6.5.1-1 |
| bionic | not-affected | 4:4.6.5.1-1 |
| cosmic | not-affected | 4:4.6.5.1-1 |
| devel | not-affected | 4:4.6.5.1-1 |
| disco | not-affected | 4:4.6.5.1-1 |
| eoan | DNE | |
| esm-apps/bionic | not-affected | 4:4.6.5.1-1 |
| esm-apps/focal | not-affected | 4:4.6.5.1-1 |
| esm-apps/jammy | not-affected | 4:4.6.5.1-1 |
| esm-apps/xenial | released | 4:4.5.4.1-2ubuntu2.1+esm5 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
An issue was discovered in phpMyAdmin. It is possible to bypass AllowR ...
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
7.5 High
CVSS2
9.8 Critical
CVSS3