CVE-2017-1000017: phpMyAdmin SSRF in replication

CVSS Score: 8.8 (CVSS 3.0)

Basic Information

EPSS Score: 0.75457%
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| phpmyadmin/phpmyadmin | composer | >= 4.6, < 4.6.6 | 4.6.6 |
| phpmyadmin/phpmyadmin | composer | >= 4.4, < 4.4.15.10 | 4.4.15.10 |
| phpmyadmin/phpmyadmin | composer | >= 4.0, < 4.0.10.19 | 4.0.10.19 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper validation of host parameters in replication configuration workflows. The patches (commits f8ad5bd, ca8edbc, 695a488) focused on adding host validation checks in server connection handling. The functions responsible for processing replication setup requests (Replication::handleControlRequest) and generating server links (ServerCommon::getServerLink) would be the primary locations where unvalidated user input could trigger arbitrary outbound connections. These components directly interact with user-controlled host parameters during replication configuration, matching the SSRF exploitation scenario described in the advisory.
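The class of check described above, refusing a user-supplied replication host before any outbound connection is opened, can be sketched as follows. This is an added example, not phpMyAdmin's patch or code from the advisory; the function name `checkMasterEndpoint`, the `ALLOWED_MASTERS` list and the sample hosts are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical operator-defined allowlist of replication masters ("host:port").
const ALLOWED_MASTERS = ['db-master.internal.example:3306', '192.0.2.10:3306'];

/**
 * Returns the normalised "host:port" if the user-supplied replication master
 * is allowlisted, or null if the request must be refused before connecting.
 */
function checkMasterEndpoint(string $host, string $port, array $allowed): ?string
{
    // The port arrives as a request string; accept plain digits in 1..65535 only.
    if (preg_match('/^[0-9]{1,5}$/', $port) !== 1 || (int) $port < 1 || (int) $port > 65535) {
        return null;
    }
    // Normalise case and a trailing root dot so "DB-Master.example." still matches.
    $host = rtrim(strtolower(trim($host)), '.');
    // Accept only an IP literal or a syntactically valid hostname; this drops
    // URLs, user@host forms, paths and socket specifications.
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $isName = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isName) {
        return null;
    }
    $endpoint = $host . ':' . (int) $port;
    // Exact match against the allowlist: no wildcard or suffix matching.
    return in_array($endpoint, $allowed, true) ? $endpoint : null;
}

// Constructed sample requests (host, port) as they might arrive from the UI.
$samples = [
    ['DB-Master.internal.example.', '3306'],  // allowed after normalisation
    ['192.0.2.10', '3306'],                   // allowed IP literal
    ['127.0.0.1', '3306'],                    // valid address, not allowlisted
    ['db-master.internal.example', '6379'],   // right host, wrong port
    ['db-master.internal.example/x', '3306'], // not a hostname
];
foreach ($samples as [$h, $p]) {
    $ok = checkMasterEndpoint($h, $p, ALLOWED_MASTERS);
    printf("%-30s %-5s %s\n", $h, $p, $ok !== null ? "allowed: $ok" : 'refused');
}
```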

WAF Protection Rules

WAF Rule

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
