Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
phpmyadminPhpMyAdminPHPMYADMIN:PMASA-2014-7
HistoryJul 17, 2014 - 12:00 a.m.

Access for an unprivileged user to MySQL user list.

2014-07-1700:00:00
www.phpmyadmin.net
13

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

53.9%

JSON

PMASA-2014-7

Announcement-ID: PMASA-2014-7

Date: 2014-07-17

Summary

Access for an unprivileged user to MySQL user list.

Description

An unpriviledged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them.

Severity

We consider this vulnerability to be non critical.

Mitigation factor

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages. Moreover, the configuration storage must be set up for the user groups feature.

Affected Versions

Versions 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6) are affected.

Solution

Upgrade to phpMyAdmin 4.1.14.2 or newer, or 4.2.6 or newer, or apply the patch listed below.

References

Thanks to Chirayu Chiripal for reporting this vulnerability.

Assigned CVE ids: CVE-2014-4987

CWE ids: CWE-661

Patches

The following commits have been made to fix this issue:

The following commits have been made on the 4.1 branch to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Related

openvas 4
debiancve 1
nvd 1
cve 1
prion 1
ubuntucve 1
cvelist 1
mageia 1
nessus 6
freebsd 1
securityvulns 2
gentoo 1
openvas
openvas
phpMyAdmin Bypass Restriction Vulnerability (PMASA-2014-7) - Windows
2017-08-21 00:00:00
phpMyAdmin Bypass Restriction Vulnerability (PMASA-2014-7) - Linux
2017-08-21 00:00:00
Mageia: Security Advisory (MGASA-2014-0310)
2022-01-28 00:00:00
debiancve
debiancve
CVE-2014-4987
2014-07-20 11:12:51
nvd
nvd
CVE-2014-4987
2014-07-20 11:12:51
cve
cve
CVE-2014-4987
2014-07-20 11:12:51
prion
prion
Design/Logic Flaw
2014-07-20 11:12:00
ubuntucve
ubuntucve
CVE-2014-4987
2014-07-20 00:00:00
cvelist
cvelist
CVE-2014-4987
2014-07-20 10:00:00
mageia
mageia
Updated phpmyadmin package fixes security vulnerabilities
2014-08-06 00:08:48
nessus
nessus
phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 - PMASA-2014-7)
2014-07-30 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:143)
2014-07-31 00:00:00
FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)
2014-07-20 00:00:00
freebsd
freebsd
phpMyAdmin -- multiple XSS vulnerabilities, missing validation
2014-07-18 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:143 ] phpmyadmin
2014-10-14 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-10-14 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2015-05-31 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

53.9%

JSON
Related for PHPMYADMIN:PMASA-2014-7
openvas4debiancve1nvd1cve1prion1ubuntucve1cvelist1mageia1nessus6freebsd1securityvulns2gentoo1