CVE-2016-9849 — Phpmyadmin vulnerability
Severity
9.8CRITICALNVD
OSV5.0
EPSS
0.2%
top 55.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 11
Latest updateMay 17
Description
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9