CVE-2016-9861: phpMyAdmin Bypass white-list protection for URL redirection

CVSS Score (v3.0): 7.5

Basic Information

EPSS Score: 0.50952%
CWE: -
Published: 5/17/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
phpmyadmin/phpmyadmin | composer | >= 4.6, < 4.6.5 | 4.6.5
phpmyadmin/phpmyadmin | composer | >= 4.4, < 4.4.15.9 | 4.4.15.9
phpmyadmin/phpmyadmin | composer | >= 4.0, < 4.0.10.18 | 4.0.10.18

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability centers on improper whitelist validation of redirect URLs. The Core::checkPageValidity function is phpMyAdmin's known URL-validation mechanism, and the commit hashes given in the phpMyAdmin advisory (af7c589, 499a61c, dac36c3) point at fixes to this validation logic. Historical analysis shows this function previously relied on a 'trustedPrefix' check that could be bypassed by appending '/' or encoded characters to a whitelisted path: a target that merely began with a trusted page name was accepted. The function's role in URL validation and the nature of the bypass (incomplete pattern matching) align directly with the described vulnerability.
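The prefix-matching weakness described above, as an added illustration that is not phpMyAdmin's own code: a whitelist check that only tests whether the redirect target starts with a trusted page name, beside an exact-match form that decodes once, strips the query string and compares the remaining path to the whitelist. The page list, function names and sample inputs are constructed for the example.

```php
<?php
// Added illustration (not phpMyAdmin's code). TRUSTED_PAGES and the sample
// targets below are constructed for this example.
const TRUSTED_PAGES = ['index.php', 'db_structure.php', 'tbl_sql.php'];

// Weak check: accepts any target that merely begins with a trusted page name.
// Anything appended after that name ('/', an encoded separator, more path)
// still passes, which is the incomplete-prefix-matching pattern at issue.
function checkPageWeak(string $page): bool
{
    foreach (TRUSTED_PAGES as $trusted) {
        if (strpos($page, $trusted) === 0) {
            return true;
        }
    }
    return false;
}

// Hardened check: decode exactly once, refuse anything that still contains
// percent-escapes (double encoding), drop the query string, then require the
// remaining path to equal a whitelisted page name exactly.
function checkPageStrict(string $page): bool
{
    $decoded = rawurldecode($page);
    if ($decoded !== rawurldecode($decoded)) {
        return false;                      // double-encoded input
    }
    $path = parse_url($decoded, PHP_URL_PATH);
    if (!is_string($path)) {
        return false;                      // unparsable target
    }
    // A query string on a whitelisted page is allowed; a trailing '/', an
    // extra path segment or an absolute URL is not.
    return in_array($path, TRUSTED_PAGES, true);
}

$samples = [                               // constructed inputs
    'index.php',                           // legitimate page
    'index.php?db=test',                   // legitimate page with query
    'index.php/',                          // trailing separator
    'index.php%2F..%2Fother.php',          // encoded separators
    'http://example.com/index.php',        // absolute URL
];
foreach ($samples as $s) {
    printf("%-32s weak=%-5s strict=%s\n", $s,
        checkPageWeak($s) ? 'allow' : 'deny',
        checkPageStrict($s) ? 'allow' : 'deny');
}
```

Run with `php example.php`; the weak check allows every sample except the absolute URL, while the strict check allows only the first two.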


WAF Protection Rules

WAF Rule

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) ar
