Null Byte Bypass Vulnerability in phpMyAdmin

Null Byte Bypass Vulnerability in phpMyAdmin

CVE-2016-9849 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Learn more about our Cis Benchmark Audit For Server Software.