Fluid Attacks Database

Description

phpMyAdmin SSRF in replication phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1
packagist	phpmyadmin/phpmyadmin	>=4.6 <4.6.6 \|\| >=4.4 <4.4.15.10 \|\| >=4.0 <4.0.10.19	4.6.6, 4.4.15.10, 4.0.10.19
debian 13	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1
debian 11	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1

Aliases

1. CVE-2017-10000172. NVD-2017-10000173. OSV-DEBIAN-2017-10000174. OSV-2017-10000175. GCVE-2017-10000176. SECURITY-TRACKER-CVE-2017-1000017

References

1. https://www.phpmyadmin.net/security/PMASA-2017-62. http://www.securityfocus.com/bid/95732