GHSA-426q-975p-w5cr

Suggest an improvement
Source
https://github.com/advisories/GHSA-426q-975p-w5cr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-426q-975p-w5cr/GHSA-426q-975p-w5cr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-426q-975p-w5cr
Aliases
Published
2022-05-17T02:37:10Z
Modified
2024-12-06T05:40:40.937454Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
phpMyAdmin Denial of service (DOS) attack with dbase extension
Details

An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Database specific
{
    "nvd_published_at": "2016-12-11T02:59:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T18:11:11Z"
}
References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.6
Fixed
4.6.4

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4
Fixed
4.4.15.8

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0
Fixed
4.0.10.17

Affected versions

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.4.1
4.0.4.2
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.10.1
4.0.10.2
4.0.10.3
4.0.10.4
4.0.10.5
4.0.10.6
4.0.10.7
4.0.10.8
4.0.10.9