| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | composer | >= 4.6, < 4.6.4 | 4.6.4 |
| phpmyadmin/phpmyadmin | composer | >= 4.4, < 4.4.15.8 | 4.4.15.8 |
| phpmyadmin/phpmyadmin | composer | >= 4.0, < 4.0.10.17 | 4.0.10.17 |

The vulnerability stems from phpMyAdmin's handling of dbase file imports via the dbase extension. The advisory explicitly links the issue to dbase extension usage, and the CWE-94 (Code Injection) classification suggests improper input handling during file processing. The phpMyAdmin security notice references commits in import-related components (e.g., 378c382, f80a250, ddeab2a), which likely patched input validation in the dbase import functionality. The `ImportDbase` class is directly responsible for parsing dbase files, making it the most probable location for unsafe use of dbase functions (e.g., `dbase_open`, `dbase_get_record`) on untrusted input.