Description

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Remediation

References

CVE-2016-9849

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2020-1732)

WordPress Plugin WooCommerce Product Table Lite Cross-Site Scripting (2.3.0)

MySQL CVE-2020-2898 Vulnerability (CVE-2020-2898)

WebLogic CVE-2023-21931 Vulnerability (CVE-2023-21931)

Jenkins Improper Input Validation Vulnerability (CVE-2021-21606)

Severity

Critical

Classification

CVE-2016-9849 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities