Description
phpMyAdmin Authentication Bypass
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | | 4:4.6.4+dfsg1-1 |
 alpine v3.2 | | =3.3.10-r0 || =3.3.10-r1 || =3.3.10-r2 || =3.4.11.1-r0 || =3.4.9-r0 || =4.0.0-r0 || =4.0.1-r0 || =4.0.10-r0 || =4.0.2-r0 || =4.0.3-r0 || =4.0.4.1-r0 || =4.0.4.2-r0 || =4.0.5-r0 || =4.0.6-r0 || =4.0.7-r0 || =4.0.8-r0 || =4.0.8-r1 || =4.0.8-r2 || =4.0.9-r0 || =4.1.11-r0 || =4.1.12-r0 || =4.1.13-r0 || =4.1.14-r0 || =4.1.4-r0 || =4.1.5-r0 || =4.1.6-r0 || =4.1.7-r0 || =4.1.8-r0 || =4.1.9-r0 || =4.2.0-r0 || =4.2.1-r0 || =4.2.10-r0 || =4.2.10.1-r0 || =4.2.11-r0 || =4.2.12-r0 || =4.2.13.1-r0 || =4.2.2-r0 || =4.2.3-r0 || =4.2.4-r0 || =4.2.5-r0 || =4.2.6-r0 || =4.2.7-r0 || =4.2.7.1-r0 || =4.2.8-r0 || =4.2.8.1-r0 || =4.2.9-r0 || =4.2.9.1-r0 || =4.3.0-r0 || =4.3.1-r0 || =4.3.10-r0 || =4.3.11.1-r0 || =4.3.12-r0 || =4.3.13-r0 || =4.3.3-r0 || =4.3.4-r0 || =4.3.5-r0 || =4.3.7-r0 || =4.3.8-r0 || =4.3.9-r0 || =4.4.1.1-r0 || =4.4.15-r0 || =4.4.15.1-r0 || =4.4.15.4-r0 || =4.4.15.7-r0 || =4.4.3-r0 || =4.4.4-r0 || =4.4.5-r0 || =4.4.7-r0 || >=0 <4.4.15.8-r0 | 4.4.15.8-r0 |
 packagist | | >=4.6 <4.6.4 || >=4.4 <4.4.15.8 || >=4.0 <4.0.10.17 | 4.6.4, 4.4.15.8, 4.0.10.17 |
debian 12 | | | 4:4.6.4+dfsg1-1 |
debian 13 | | | 4:4.6.4+dfsg1-1 |
