An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| phpmyadmin/phpmyadmin(Packagist) | 4.6 | 4.6.4 | N/A |
| phpmyadmin/phpmyadmin(Packagist) | 4.4 | 4.4.15.8 | N/A |
| phpmyadmin/phpmyadmin(Packagist) | 4.0 | 4.0.10.17 | N/A |
CVSS Metrics
