phpMyAdmin 4.0.10.x < / 4.4.15.x < / 4.6.x < 4.6.6 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 9936


Synopsis

The remote web server contains a version of phpMyAdmin that is affected by multiple vulnerabilities.


Description

Versions of phpMyAdmin 4.0.10.x prior to, 4.4.15.x prior to, and 4.6.x prior to 4.6.6 are unpatched and therefore affected by the following vulnerabilities:

- A flaw exists that allows a cross-site redirection attack. This flaw exists because the application does not validate request paths before returning them to the user. This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs, as well as phishing attacks that mimic the legitimate site but send user-supplied information to the attacker.
- A flaw exists in the 'goto()' function that is triggered during the handling of table data, which may launch a recursive include operation. This may allow a remote attacker to cause a denial of service.
- A flaw exists that is due to the program failing to sanitize input passed via cookie parameters. This may allow a remote attacker to inject arbitrary CSS in themes.
- A flaw exists in replication status that is triggered during the handling of a specially crafted table name. This may allow a remote attacker to cause a denial of service.
- A flaw exists related to request handling between a user and a server, where the server can be induced into performing unintended actions (Server Side Request Forgery, or SSRF). By making a crafted request, the server can be used to conduct host-based attacks. This may allow an authenticated remote attacker to bypass access restrictions (e.g. host or network ACLs) and connect to hosts without the appropriate authorization. It is unclear if this may be leveraged for further impacts.


Solution

Upgrade to phpMyAdmin version 4.6.6 or later. If 4.6.x cannot be obtained, versions and have also been patched for these vulnerabilities.
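The first thing a defender does with an advisory like this is map an inventory of reported phpMyAdmin versions onto the affected ranges. The following is an added example, not Tenable's plugin logic. It takes the one fixed release the page states (4.6.6 for the 4.6.x branch); the patched 4.0.10.x and 4.4.15.x releases are not given on the page, so those two branches carry a None placeholder that must be filled in from the vendor advisory before the check is used for real. The hostnames and versions in the sample inventory are constructed.

```python
"""Classify reported phpMyAdmin versions against this advisory's ranges.

Added example, not Tenable's plugin logic. The page gives a fixed release
only for the 4.6.x branch (4.6.6); the patched 4.0.10.x and 4.4.15.x
releases are not stated on the page, so those branches carry a None
placeholder that must be filled in from the vendor advisory before use.
"""
import re

# Branch prefix -> first fixed release in that branch. None = not on the page.
FIXED_BY_BRANCH = {
    (4, 6): (4, 6, 6),
    (4, 4, 15): None,   # placeholder: patched 4.4.15.x release not given on the page
    (4, 0, 10): None,   # placeholder: patched 4.0.10.x release not given on the page
}

_VERSION = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*$")


def parse_version(text):
    """'4.6.5' -> (4, 6, 5). Pre-release tags such as '-rc1' are rejected on
    purpose: they sort before the final release and need vendor-specific rules."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"not a plain dotted version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(version_text):
    """One of 'affected', 'patched', 'fix_unknown' (listed branch whose fix
    release is not on the page) or 'not_listed' (no advisory branch matches)."""
    v = parse_version(version_text)
    for branch, fixed in FIXED_BY_BRANCH.items():
        if v[:len(branch)] != branch:
            continue
        if fixed is None:
            return "fix_unknown"
        return "affected" if v < fixed else "patched"   # tuple order = numeric order
    return "not_listed"


def triage(inventory):
    """Map host -> status for a {host: version} inventory, keeping unparsable
    versions visible instead of silently dropping them."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparsable"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "db-admin-01.example.test": "4.6.5.2",
    "db-admin-02.example.test": "4.6.6",
    "db-admin-03.example.test": "4.4.15.9",
    "db-admin-04.example.test": "4.7.0",
    "db-admin-05.example.test": "4.6.6-rc1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions that fall in a listed branch whose fix release is unknown are reported as `fix_unknown` rather than guessed either way; treat them as affected until the vendor's patched release number has been entered into `FIXED_BY_BRANCH`.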

Plugin Details

Severity: High

ID: 9936

Family: CGI

Published: 2/3/2017

Updated: 3/6/2019

Dependencies: 9102

Risk Information

CVSS v2.0

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Patch Publication Date: 1/24/2017

Vulnerability Publication Date: 1/24/2017