Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9218 — Phpmyadmin vulnerability

CWE-39912 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

15.3%

top 5.37%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 8

Latest updateMay 17

Description

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.2.12-2 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.2.12-2+3

▶Ubuntuphpmyadmin/phpmyadmin< 4:4.0.10-1ubuntu0.1+esm4+3

▶NVDphpmyadmin/phpmyadmin51 versions+50

🔴Vulnerability Details

GHSA

GHSA-756j-8p5m-2p7m: libraries/common↗2022-05-17

▶

OSV

phpmyadmin vulnerabilities↗2021-03-16

▶

OSV

CVE-2014-9218: libraries/common↗2014-12-08

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service↗2014-12-15

▶

📋Vendor Advisories

Ubuntu

phpMyAdmin vulnerabilities↗2021-03-16

▶

Debian

CVE-2014-9218: phpmyadmin - libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.1...↗2014

▶

💬Community

Bugzilla

CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [epel-7]↗2014-12-04

▶

Bugzilla

CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [fedora-all]↗2014-12-04

▶

Bugzilla

CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords↗2014-12-04

▶

Bugzilla

CVE-2014-9218 phpMyAdmin: Denial of Service with long passwords [epel-6]↗2014-12-04

▶

Bugzilla

CVE-2014-9218 phpMyAdmin4: phpMyAdmin: Denial of Service with long passwords [epel-5]↗2014-12-04

▶