Fluid Attacks Database

Description

phpMyAdmin CSRF Vulnerability phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=4.7 <4.7.7	4.7.7

Aliases

1. CVE-2017-10004992. NVD-2017-10004993. OSV-2017-10004994. GCVE-2017-1000499

References

1. https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/10401632. https://www.exploit-db.com/exploits/452843. https://www.phpmyadmin.net/security/PMASA-2017-94. http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click5. https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.