{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-11-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-06-17T22:06:04.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"94521","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/94521"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.phpmyadmin.net/security/PMASA-2016-60"},{"name":"GLSA-201701-32","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201701-32"},{"name":"[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2016-9849","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"94521","refsource":"BID","url":"http://www.securityfocus.com/bid/94521"},{"name":"https://www.phpmyadmin.net/security/PMASA-2016-60","refsource":"CONFIRM","url":"https://www.phpmyadmin.net/security/PMASA-2016-60"},{"name":"GLSA-201701-32","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201701-32"},{"name":"[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T02:59:03.530Z"},"title":"CVE Program Container","references":[{"name":"94521","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/94521"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.phpmyadmin.net/security/PMASA-2016-60"},{"name":"GLSA-201701-32","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201701-32"},{"name":"[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2016-9849","datePublished":"2016-12-11T02:00:00.000Z","dateReserved":"2016-12-06T00:00:00.000Z","dateUpdated":"2024-08-06T02:59:03.530Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}