Description

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

Remediation

References

CVE-2014-4987

Related Vulnerabilities

Moodle Configuration Vulnerability (CVE-2012-3392)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1000861)

Oracle Application Server Other Vulnerability (CVE-2005-3204)

MongoDb Improper Input Validation Vulnerability (CVE-2021-20330)

Severity

Medium

Classification

CVE-2014-4987 CWE-264

Tags

Missing Update Known Vulnerabilities