-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper validation of host parameters in replication configuration workflows. The patches (commits f8ad5bd, ca8edbc, 695a488) focused on adding host validation checks in server connection handling. The functions responsible for processing replication setup requests (Replication::handleControlRequest) and generating server links (ServerCommon::getServerLink) would be the primary locations where unvalidated user input could trigger arbitrary outbound connections. These components directly interact with user-controlled host parameters during replication configuration, matching the SSRF exploitation scenario described in the advisory.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | composer | >= 4.6, < 4.6.6 | 4.6.6 |
| phpmyadmin/phpmyadmin | composer | >= 4.4, < 4.4.15.10 | 4.4.15.10 |
| phpmyadmin/phpmyadmin | composer | >= 4.0, < 4.0.10.19 | 4.0.10.19 |