Lucene search
MitreCVELIST:CVE-2017-18264HistoryMay 01, 2018 - 5:00 p.m.
CVE-2017-18264
2018-05-0117:00:00
mitre
raw.githubusercontent.com
2
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg[‘Servers’][$i][‘AllowNoPassword’] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg[‘Servers’][$i][‘AllowNoPassword’] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given ‘’ as the first argument.
Related
cve
cve
CVE-2017-18264
2018-05-01 17:29:00
github
github
phpMyAdmin Improper Privilege Management
2022-05-13 01:44:38
debiancve
debiancve
CVE-2017-18264
2018-05-01 17:29:00
openvas
openvas
phpMyAdmin Security Bypass Vulnerability-PMASA-2017-8
2018-05-03 00:00:00
Debian: Security Advisory (DLA-1415-1)
2018-07-09 00:00:00
Ubuntu: Security Advisory (USN-4843-1)
2023-01-27 00:00:00
ubuntucve
ubuntucve
CVE-2017-18264
2018-05-01 00:00:00
osv
osv
phpMyAdmin Improper Privilege Management
2022-05-13 01:44:38
CVE-2017-18264
2018-05-01 17:29:00
phpmyadmin - security update
2018-07-06 00:00:00
prion
prion
Design/Logic Flaw
2018-05-01 17:29:00
phpmyadmin
phpmyadmin
Bypass $cfg['Servers'][$i]['AllowNoPassword']
2017-03-28 00:00:00
debian
debian
[SECURITY] [DLA 1415-1] phpmyadmin security update
2018-07-06 09:21:40
nessus
nessus
Debian DLA-1415-1 : phpmyadmin security update
2018-07-09 00:00:00
ubuntu
ubuntu
phpMyAdmin vulnerabilities
2021-03-16 00:00:00