Arbitrary MySQL Server Connection Vulnerability in phpMyAdmin by phpMyAdmin
CVE-2017-1000017

8.8HIGH

Key Information:

Vendor: PHPmyadmin
Status: PHPmyadmin
Vendor: CVE Published:; 17 July 2017

Summary

phpMyAdmin versions 4.0, 4.4, and 4.6 are susceptible to a security flaw that allows users with the right permissions to connect to any MySQL server. This vulnerability could lead to potential exposure and manipulation of databases, making it crucial for users to ensure they are using updated versions to mitigate risks. For further details, please refer to the security advisories provided by phpMyAdmin.

References

https://www.phpmyadmin.net/security/PMASA-2017-6

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95732

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017