Vulnerability: Bypassing ArbitraryServerRegexp in phpMyAdmin

Vulnerability: Bypassing ArbitraryServerRegexp in phpMyAdmin

CVE-2016-6629 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Learn more about our Cis Benchmark Audit For Server Software.