CVE-2014-4987 — Phpmyadmin vulnerability

CWE-2645 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 58.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Opensuse

Timeline

PublishedJul 20

Latest updateJul 5

Description

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.6-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.6-1+3

▶NVDphpmyadmin/phpmyadmin22 versions+21

▶NVDopensuse/opensuse12.3, 13.1+1

🔴Vulnerability Details

GHSA

GHSA-pvp5-3q7r-jxp6: server_user_groups↗2022-05-14

▶

OSV

CVE-2014-4987: server_user_groups↗2014-07-20

▶

📋Vendor Advisories

Debian

CVE-2014-4987: phpmyadmin - server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2....↗2014

▶

📄Research Papers

arXiv

SQLaser: Detecting DBMS Logic Bugs with Clause-Guided Fuzzing↗2024-07-05

▶