CVE-2017-1000499 — phpMyAdmin CSRF Vulnerability

Description

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

How to fix CVE-2017-1000499

To remediate CVE-2017-1000499, upgrade the affected package to a fixed version below.

Packagist/phpmyadmin/phpmyadmin—upgrade to 4.7.7 or later

Is CVE-2017-1000499 being exploited?

Moderate — EPSS is 11.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

>= 4.7, < 4.7.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-1000499
WEBcyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click
WEBweb.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163
WEBwww.exploit-db.com/exploits/45284