CVE-2016-9863: phpMyAdmin DoS Vulnerability
7.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.69324%
CWE
Published
5/17/2022
Updated
11/2/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
phpmyadmin/phpmyadmin | composer | >= 4.6.0, < 4.6.5 | 4.6.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper input validation (CWE-20) in table partitioning handling. Though exact commit diffs aren't available, the advisory references commit 7ddcbc0
which patched this issue. Partitioning logic in phpMyAdmin
is typically handled in Partition.php
. The function PMA_handlePartitioning()
would process partitioning parameters from user requests. Lack of validation on input size (e.g., number of partitions or parameter length) would allow crafted large requests to cause DoS via resource exhaustion, consistent with the described vulnerability.