CVE-2017-1000016Improper Input Validation in Phpmyadmin

CWE-20Improper Input Validation9 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 34.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedJul 17
Latest updateMay 17

Description

A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.6.6-1 (bookworm)
Packagistphpmyadmin/phpmyadmin4.64.6.6
Debianphpmyadmin/phpmyadmin< 4:4.6.6-1+3
NVDphpmyadmin/phpmyadmin8 versions+7

🔴Vulnerability Details

3
OSV
phpMyAdmin Cookie attribute injection attack2022-05-17
GHSA
phpMyAdmin Cookie attribute injection attack2022-05-17
OSV
CVE-2017-1000016: A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies2017-07-17

📋Vendor Advisories

1
Debian
CVE-2017-1000016: phpmyadmin - A weakness was discovered where an attacker can inject arbitrary values in to th...2017

💬Community

4
Bugzilla
CVE-2017-1000013 CVE-2017-1000014 CVE-2017-1000015 CVE-2017-1000016 CVE-2017-1000017 CVE-2017-1000018 phpMyAdmin: various flaws [fedora-all]2017-01-24
Bugzilla
CVE-2017-1000013 CVE-2017-1000014 CVE-2017-1000015 CVE-2017-1000016 CVE-2017-1000017 CVE-2017-1000018 phpMyAdmin4: various flaws [epel-5]2017-01-24
Bugzilla
CVE-2017-1000013 CVE-2017-1000014 CVE-2017-1000015 CVE-2017-1000016 CVE-2017-1000017 CVE-2017-1000018 phpMyAdmin: various flaws [epel-all]2017-01-24
Bugzilla
CVE-2017-1000016 phpMyAdmin: Cookie attribute injection attack2017-01-24