Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-6830 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure10 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

21.2%

top 4.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedSep 14

Latest updateAug 18

Description

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.4.14.1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.3.0 — 4.3.13.2+1

▶Debianphpmyadmin/phpmyadmin< 4:4.4.14.1-1+3

▶NVDphpmyadmin/phpmyadmin31 versions+30

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin ReCaptcha bypass↗2022-05-17

▶

OSV

phpMyAdmin ReCaptcha bypass↗2022-05-17

▶

OSV

CVE-2015-6830: libraries/plugins/auth/AuthenticationCookie↗2015-09-14

▶

💥Exploits & PoCs

Exploit-DB

PHPMyAdmin 3.0 - Bruteforce Login Bypass↗2025-08-18

▶

📋Vendor Advisories

Debian

CVE-2015-6830: phpmyadmin - libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before...↗2015

▶

💬Community

Bugzilla

CVE-2015-6830 phpMyAdmin: Bypassing the reCaptcha test [epel-all]↗2015-09-10

▶

Bugzilla

CVE-2015-6830 phpMyAdmin: Bypassing the reCaptcha test↗2015-09-10

▶

Bugzilla

CVE-2015-6830 phpMyAdmin4: phpMyAdmin: Bypassing the reCaptcha test [epel-7]↗2015-09-10

▶

Bugzilla

CVE-2015-6830 phpMyAdmin: Bypassing the reCaptcha test [fedora-all]↗2015-09-10

▶