CVE-2017-1000499
CVE-2017-1000499 is a vulnerability of currently unknown severity. phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By tricking a user into clicking a crafted URL, an attacker can perform harmful database operations such as deleting records or dropping/truncating tables. EPSS estimates an 8.46% chance of exploitation in the next 30 days.
Description
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By tricking a user into clicking a crafted URL, an attacker can perform harmful database operations such as deleting records or dropping/truncating tables.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| phpMyAdmin | phpMyAdmin | >= 4.7.0, < 4.7.7 |
References
- http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/ (Exploit, Patch, Third Party Advisory)
- http://www.securitytracker.com/id/1040163 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/45284/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.phpmyadmin.net/security/PMASA-2017-9/ (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
