phpMyAdmin Permissions Privileges and Access Controls Vulnerability - CVE-2016-9849 - Vulnerability Database

phpMyAdmin Permissions Privileges and Access Controls Vulnerability - CVE-2016-9849

Critical

Reference: CVE-2016-9849

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-9849

Title: phpMyAdmin Permissions Privileges and Access Controls Vulnerability

Overview:

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction (cfg39Servers39i39AllowRoot39) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5) 4.4.x versions (prior to 4.4.15.9) and 4.0.x versions (prior to 4.0.10.18) are affected.