Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1nbWM3LWp2djctdzI0Nc4AAgCV

High CVSS: 8.0 EPSS: 0.00694% (0.7054 Percentile) EPSS:
Permalink JSON

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information

Affected Packages Affected Versions Fixed Versions
packagist:phpmyadmin/phpmyadmin < 3.4.0-beta1 3.4.0-beta1
4 Dependent packages
15 Dependent repositories
353,741 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1, 5.2.2

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

References:

Identifiers

GHSA-gmc7-jvv7-w245

CVE-2010-4481

Risk

Severity

High

CVSS

CVSS Score: 8.0

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

EPSS

EPSS Percentage: 0.00694

EPSS Percentile: 0.7054

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://sourceforge.net/projects/phpmyadmin.sourceforge.net

Date and time

Published

over 3 years ago

Updated

5 months ago

API

JSON