Arbitrary Cookie Injection Vulnerability in phpMyAdmin
CVE-2017-1000016

7.5HIGH

Key Information:

Vendor: PHPmyadmin
Status: PHPmyadmin
Vendor: CVE Published:; 17 July 2017

Summary

A vulnerability has been identified in phpMyAdmin that allows an attacker to inject arbitrary values into browser cookies. This issue stems from an incomplete fix related to previous security advisories, highlighting the need for ongoing vigilance in web application security. Proper validation and sanitization of cookie values are essential to mitigate this risk.

References

https://www.phpmyadmin.net/security/PMASA-2017-5

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017