CVE-2017-18264

EUVD-2022-2531
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
phpmyadminphpmyadmin
4.0.0 ≤
𝑥
< 4.0.10.20
phpmyadminphpmyadmin
4.4.0 ≤
𝑥
≤ 4.4.15.10
phpmyadminphpmyadmin
4.6.0 ≤
𝑥
≤ 4.6.6
phpmyadminphpmyadmin
4.7.0:beta1
phpmyadminphpmyadmin
4.7.0:rc1
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bookworm
4:5.2.1+dfsg-1
fixed
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
artful
not-affected
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
dne
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
Fixed 4:4.0.10-1ubuntu0.1+esm4
released
xenial
Fixed 4:4.5.4.1-2ubuntu2.1+esm3
released
References
http://www.securityfocus.com/bid/97211
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
https://www.phpmyadmin.net/security/PMASA-2017-8/
http://www.securityfocus.com/bid/97211
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
https://www.phpmyadmin.net/security/PMASA-2017-8/