For a user with appropriate MySQL privileges it was possible to connect to arbitrary host. Mitigation: The vulnerability is exposed only to MySQL superusers. Affected versions: All 4.6.x versions (prior to 4.6.6), 4.4.x versions (prior to 4.4.15.10), and 4.0.x versions (prior to 4.0.10.19) are affected. Upstream patches: https://github.com/phpmyadmin/phpmyadmin/commit/f8ad5bd https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbc https://github.com/phpmyadmin/phpmyadmin/commit/695a488 External References: https://www.phpmyadmin.net/security/PMASA-2017-6/
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1416003] Affects: epel-all [bug 1416004]
Created phpMyAdmin4 tracking bugs for this issue: Affects: epel-5 [bug 1416005]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.