Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Permissions Privileges and Access Controls Vulnerability - CVE-2016-9849 - Vulnerability Database
phpMyAdmin

phpMyAdmin Permissions Privileges and Access Controls Vulnerability - CVE-2016-9849

Critical
Reference: CVE-2016-9849
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-9849
Title: phpMyAdmin Permissions Privileges and Access Controls Vulnerability
Overview:

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction (cfg39Servers39i39AllowRoot39) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5) 4.4.x versions (prior to 4.4.15.9) and 4.0.x versions (prior to 4.0.10.18) are affected.