CVE-2017-1000499

Published: 03/01/2018 Updated: 30/04/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

phpMyAdmin versions 4.7.x (before 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By tricking a user into clicking a crafted URL, an attacker can perform harmful database operations such as deleting records, dropping/truncating tables, etc.

Vulnerable Product

phpmyadmin phpmyadmin

Exploits

# Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery
# Date: 2018-08-28
# Exploit Author: VulnSpy
# Vendor Homepage: www.phpmyadmin.net/
# Software Link: www.phpmyadmin.net/downloads/
# Version: Versions 4.7.x (prior to 4.7.7)
# Tested on: php7 mysql5
# CVE: CVE-2017-1000499 -- Original Exploit Author: Ashutosh Barot
# O ...

phpMyAdmin version 4.7.x suffers from a cross-site request forgery vulnerability ...

Github Repositories

5MMISSI-CVE-2017-1000499

PoC of CVE-2017-1000499. phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Contents: Makefile, web/index.html

Instructions: Getting all prepared: git clone https:/