cvelistv5 - cve-2014-4987

cve-2014-4987

Vulnerability from cvelistv5

Published

2014-07-20 10:00

Modified

2024-08-06 11:34

Severity ?

Summary

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/60397	Permissions Required
cve@mitre.org	http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/68804
cve@mitre.org	https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
cve@mitre.org	https://security.gentoo.org/glsa/201505-03
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60397	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68804
af854a3a-2127-422b-91ae-364da2661108	https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201505-03

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:34:37.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1069",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
          },
          {
            "name": "GLSA-201505-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201505-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
          },
          {
            "name": "60397",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60397"
          },
          {
            "name": "68804",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68804"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1069",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
        },
        {
          "name": "GLSA-201505-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201505-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
        },
        {
          "name": "60397",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60397"
        },
        {
          "name": "68804",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68804"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1069",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
            },
            {
              "name": "GLSA-201505-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201505-03"
            },
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php",
              "refsource": "CONFIRM",
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
            },
            {
              "name": "60397",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60397"
            },
            {
              "name": "68804",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68804"
            },
            {
              "name": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5",
              "refsource": "CONFIRM",
              "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4987",
    "datePublished": "2014-07-20T10:00:00",
    "dateReserved": "2014-07-16T00:00:00",
    "dateUpdated": "2024-08-06T11:34:37.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFBF430B-0832-44B0-AA0E-BA9E467F7668\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F0A53D6-E68D-417E-9B72-55F603EBDFD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B45FC64-ECDF-474A-9151-30667543760E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12D9ACD9-BA79-4AC0-800D-A66519799DBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E5DD938-C9C2-4542-8AD5-4C11FBFA43CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0150F164-B7C2-4E5C-886C-49D651CF307F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB765223-DB56-4327-B150-1D633E4AB41C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58102B9D-C071-43C0-B412-7733E302A944\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45CDE76C-38B3-41F1-83E7-34F00A4E009A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA6AE567-72BB-4B5C-A9B3-AF406691491F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A13760E1-EA18-434E-8075-D330AEE05D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A6A3056-B853-4880-BECF-799791B5C660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09FA5A47-CEF2-4525-BBE4-D1205172300B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D228D62-3E19-4005-A995-39AFF30A978B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4FF2BA7-F240-4A5B-AC22-62F07D26BB29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AC849CA-2056-491C-B6B1-3D3A4825BF63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"109C5928-FA6D-4835-B538-B235083AF38F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEC525D5-EA90-4F01-B1D3-64F4BFBFC4DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8ACC297E-A54A-4C92-9BCB-CDDA0C7E56C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FA4B695-DD00-45FE-8A74-A34E9920EE23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC38B8F8-DB1C-4A7D-A15B-390754687F18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFA5B74C-F0E8-46D0-AF53-A25145DA3E9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6DD88B5-9F4D-4B1C-8A36-CA9727514B42\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.\"}, {\"lang\": \"es\", \"value\": \"server_user_groups.php en phpMyAdmin 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados evadir las restricciones de acceso y leer la lista de usuarios de MySQL a trav\\u00e9s de una solicitud viewUsers.\"}]",
      "id": "CVE-2014-4987",
      "lastModified": "2024-11-21T02:11:13.657",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-07-20T11:12:51.290",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/60397\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/68804\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201505-03\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/60397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/68804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201505-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4987\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-07-20T11:12:51.290\",\"lastModified\":\"2024-11-21T02:11:13.657\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.\"},{\"lang\":\"es\",\"value\":\"server_user_groups.php en phpMyAdmin 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados evadir las restricciones de acceso y leer la lista de usuarios de MySQL a trav\u00e9s de una solicitud viewUsers.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFBF430B-0832-44B0-AA0E-BA9E467F7668\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F0A53D6-E68D-417E-9B72-55F603EBDFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B45FC64-ECDF-474A-9151-30667543760E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12D9ACD9-BA79-4AC0-800D-A66519799DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E5DD938-C9C2-4542-8AD5-4C11FBFA43CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0150F164-B7C2-4E5C-886C-49D651CF307F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB765223-DB56-4327-B150-1D633E4AB41C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58102B9D-C071-43C0-B412-7733E302A944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CDE76C-38B3-41F1-83E7-34F00A4E009A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA6AE567-72BB-4B5C-A9B3-AF406691491F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A13760E1-EA18-434E-8075-D330AEE05D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6A3056-B853-4880-BECF-799791B5C660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FA5A47-CEF2-4525-BBE4-D1205172300B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D228D62-3E19-4005-A995-39AFF30A978B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FF2BA7-F240-4A5B-AC22-62F07D26BB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AC849CA-2056-491C-B6B1-3D3A4825BF63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"109C5928-FA6D-4835-B538-B235083AF38F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC525D5-EA90-4F01-B1D3-64F4BFBFC4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACC297E-A54A-4C92-9BCB-CDDA0C7E56C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FA4B695-DD00-45FE-8A74-A34E9920EE23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC38B8F8-DB1C-4A7D-A15B-390754687F18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFA5B74C-F0E8-46D0-AF53-A25145DA3E9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DD88B5-9F4D-4B1C-8A36-CA9727514B42\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/60397\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68804\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201505-03\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/60397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/68804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201505-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-pvp5-3q7r-jxp6

Vulnerability from github

Published

2022-05-14 02:09

Modified

2022-05-14 02:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4987"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-07-20T11:12:00Z",
    "severity": "MODERATE"
  },
  "details": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.",
  "id": "GHSA-pvp5-3q7r-jxp6",
  "modified": "2022-05-14T02:09:43Z",
  "published": "2022-05-14T02:09:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4987"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201505-03"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60397"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/68804"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2014-4987

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-4987

Aliases

CVE-2014-4987

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4987",
    "description": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.",
    "id": "GSD-2014-4987",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-4987.html",
      "https://advisories.mageia.org/CVE-2014-4987.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4987"
      ],
      "details": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.",
      "id": "GSD-2014-4987",
      "modified": "2023-12-13T01:22:45.492120Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-4987",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "openSUSE-SU-2014:1069",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
          },
          {
            "name": "GLSA-201505-03",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201505-03"
          },
          {
            "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php",
            "refsource": "CONFIRM",
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
          },
          {
            "name": "60397",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60397"
          },
          {
            "name": "68804",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/68804"
          },
          {
            "name": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5",
            "refsource": "CONFIRM",
            "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4987"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
            },
            {
              "name": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
            },
            {
              "name": "60397",
              "refsource": "SECUNIA",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://secunia.com/advisories/60397"
            },
            {
              "name": "openSUSE-SU-2014:1069",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
            },
            {
              "name": "GLSA-201505-03",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201505-03"
            },
            {
              "name": "68804",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/68804"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2014-07-20T11:12Z"
    }
  }
}

fkie_cve-2014-4987

Vulnerability from fkie_nvd

Published

2014-07-20 11:12

Modified

2024-11-21 02:11

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/60397	Permissions Required
cve@mitre.org	http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/68804
cve@mitre.org	https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
cve@mitre.org	https://security.gentoo.org/glsa/201505-03
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60397	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68804
af854a3a-2127-422b-91ae-364da2661108	https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201505-03

Impacted products

Vendor	Product	Version
opensuse	opensuse	12.3
opensuse	opensuse	13.1
phpmyadmin	phpmyadmin	4.1.0
phpmyadmin	phpmyadmin	4.1.1
phpmyadmin	phpmyadmin	4.1.2
phpmyadmin	phpmyadmin	4.1.3
phpmyadmin	phpmyadmin	4.1.4
phpmyadmin	phpmyadmin	4.1.5
phpmyadmin	phpmyadmin	4.1.6
phpmyadmin	phpmyadmin	4.1.7
phpmyadmin	phpmyadmin	4.1.8
phpmyadmin	phpmyadmin	4.1.9
phpmyadmin	phpmyadmin	4.1.10
phpmyadmin	phpmyadmin	4.1.11
phpmyadmin	phpmyadmin	4.1.12
phpmyadmin	phpmyadmin	4.1.13
phpmyadmin	phpmyadmin	4.1.14
phpmyadmin	phpmyadmin	4.1.14.1
phpmyadmin	phpmyadmin	4.2.0
phpmyadmin	phpmyadmin	4.2.1
phpmyadmin	phpmyadmin	4.2.2
phpmyadmin	phpmyadmin	4.2.3
phpmyadmin	phpmyadmin	4.2.4
phpmyadmin	phpmyadmin	4.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0A53D6-E68D-417E-9B72-55F603EBDFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B45FC64-ECDF-474A-9151-30667543760E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D9ACD9-BA79-4AC0-800D-A66519799DBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5DD938-C9C2-4542-8AD5-4C11FBFA43CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0150F164-B7C2-4E5C-886C-49D651CF307F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB765223-DB56-4327-B150-1D633E4AB41C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58102B9D-C071-43C0-B412-7733E302A944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CDE76C-38B3-41F1-83E7-34F00A4E009A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA6AE567-72BB-4B5C-A9B3-AF406691491F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A13760E1-EA18-434E-8075-D330AEE05D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6A3056-B853-4880-BECF-799791B5C660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "09FA5A47-CEF2-4525-BBE4-D1205172300B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D228D62-3E19-4005-A995-39AFF30A978B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4FF2BA7-F240-4A5B-AC22-62F07D26BB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC849CA-2056-491C-B6B1-3D3A4825BF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "109C5928-FA6D-4835-B538-B235083AF38F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC525D5-EA90-4F01-B1D3-64F4BFBFC4DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ACC297E-A54A-4C92-9BCB-CDDA0C7E56C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FA4B695-DD00-45FE-8A74-A34E9920EE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC38B8F8-DB1C-4A7D-A15B-390754687F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFA5B74C-F0E8-46D0-AF53-A25145DA3E9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DD88B5-9F4D-4B1C-8A36-CA9727514B42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request."
    },
    {
      "lang": "es",
      "value": "server_user_groups.php en phpMyAdmin 4.1.x anterior a 4.1.14.2 y 4.2.x anterior a 4.2.6 permite a usuarios remotos autenticados evadir las restricciones de acceso y leer la lista de usuarios de MySQL a trav\u00e9s de una solicitud viewUsers."
    }
  ],
  "id": "CVE-2014-4987",
  "lastModified": "2024-11-21T02:11:13.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-20T11:12:51.290",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/60397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/68804"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201505-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/60397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201505-03"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-4987

Vulnerability from cvelistv5

ghsa-pvp5-3q7r-jxp6

Vulnerability from github

gsd-2014-4987

Vulnerability from gsd

fkie_cve-2014-4987

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature