CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
phpmyadminphpmyadmin
4.0.0 ≤
𝑥
< 4.0.10.20
phpmyadminphpmyadmin
4.4.0 ≤
𝑥
≤ 4.4.15.10
phpmyadminphpmyadmin
4.6.0 ≤
𝑥
≤ 4.6.6
phpmyadminphpmyadmin
4.7.0:beta1
phpmyadminphpmyadmin
4.7.0:rc1
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
bookworm
4:5.2.1+dfsg-1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
dne
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
xenial
Fixed 4:4.5.4.1-2ubuntu2.1+esm3
released
trusty
Fixed 4:4.0.10-1ubuntu0.1+esm4
released
References
http://www.securityfocus.com/bid/97211
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
https://www.phpmyadmin.net/security/PMASA-2017-8/
http://www.securityfocus.com/bid/97211
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
https://www.phpmyadmin.net/security/PMASA-2017-8/