Fluid Attacks Database

Description

phpMyAdmin Cookie attribute injection attack A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=4.6 <4.6.6	4.6.6
debian 13	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1
debian 11	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1
debian 12	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1

Aliases

1. CVE-2017-10000162. NVD-2017-10000163. OSV-2017-10000164. OSV-DEBIAN-2017-10000165. GCVE-2017-10000166. SECURITY-TRACKER-CVE-2017-1000016

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f2. https://www.phpmyadmin.net/security/PMASA-2017-5