Design/Logic Flaw

2014-07-2011:12:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

CPENameOperatorVersion
opensuseeq12.3
opensuseeq13.1
phpmyadmineq4.1.14.1
phpmyadmineq4.1.2
phpmyadmineq4.2.1
phpmyadmineq4.1.8
phpmyadmineq4.1.10
phpmyadmineq4.1.5
phpmyadmineq4.1.6
phpmyadmineq4.2.2

Name	Operator	Version
opensuse	eq	12.3
opensuse	eq	13.1
phpmyadmin	eq	4.1.14.1
phpmyadmin	eq	4.1.2
phpmyadmin	eq	4.2.1
phpmyadmin	eq	4.1.8
phpmyadmin	eq	4.1.10
phpmyadmin	eq	4.1.5
phpmyadmin	eq	4.1.6
phpmyadmin	eq	4.2.2