CVE-2017-1000499

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
phpmyadminphpmyadmin
4.7.0 ≤
𝑥
< 4.7.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
bookworm
4:5.2.1+dfsg-1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
bionic
not-affected
artful
ignored
zesty
ignored
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
http://www.securitytracker.com/id/1040163
https://www.exploit-db.com/exploits/45284/
https://www.phpmyadmin.net/security/PMASA-2017-9/
http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
http://www.securitytracker.com/id/1040163
https://www.exploit-db.com/exploits/45284/
https://www.phpmyadmin.net/security/PMASA-2017-9/