Cryptographic Issues Affecting phpmyadmin/phpmyadmin package, versions >=4.0.0, <4.0.10.18 >=4.4.0, <4.4.15.9 >=4.6.0, <4.6.5
Threat Intelligence
EPSS
0.1% (44th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-PHPMYADMINPHPMYADMIN-5814036
- published 2 Aug 2023
- disclosed 17 May 2022
- credit Unknown
Introduced: 17 May 2022
CVE-2016-9847 Open this link in a new tabHow to fix?
Upgrade phpmyadmin/phpmyadmin to version 4.0.10.18, 4.4.15.9, 4.6.5 or higher.
Overview
phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB.
Affected versions of this package are vulnerable to Cryptographic Issues when the user does not specify a blowfish_secret key for encrypting cookies. An attacker can determine the user's blowfish_secret and potentially decrypt their cookies by exploiting the weak algorithm used to create this value.