VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-eymu-abku-4uhg

Essentials
Severities (37)
References (13)
Severity details (13)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-eymu-abku-4uhg
Aliases	CVE-2017-1000499 GHSA-f9hx-5jq4-fgjm
Summary	phpMyAdmin CSRF Vulnerability phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-352	Cross-Site Request Forgery (CSRF)
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	8.8	http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click
generic_textual	HIGH	http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click
epss	0.04997	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.04997	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.04997	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.04997	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
epss	0.10452	https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-f9hx-5jq4-fgjm
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2017-1000499
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2017-1000499
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2017-1000499
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2017-1000499
cvssv3.1	8.8	https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163
generic_textual	HIGH	https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163
cvssv3.1	8.8	https://www.exploit-db.com/exploits/45284
generic_textual	HIGH	https://www.exploit-db.com/exploits/45284
cvssv3.1	8.8	https://www.phpmyadmin.net/security/PMASA-2017-9
generic_textual	HIGH	https://www.phpmyadmin.net/security/PMASA-2017-9

Reference id	Reference type	URL
		http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click
		http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
		https://api.first.org/data/v1/epss?cve=CVE-2017-1000499
		https://nvd.nist.gov/vuln/detail/CVE-2017-1000499
		https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163
		https://www.exploit-db.com/exploits/45284
		https://www.exploit-db.com/exploits/45284/
		https://www.phpmyadmin.net/security/PMASA-2017-9
		https://www.phpmyadmin.net/security/PMASA-2017-9/
		http://www.securitytracker.com/id/1040163
cpe:2.3:a:phpmyadmin:phpmyadmin::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
CVE-2017-1000499	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/45284.txt
GHSA-f9hx-5jq4-fgjm		https://github.com/advisories/GHSA-f9hx-5jq4-fgjm

Data source	Exploit-DB
Date added	Aug. 29, 2018
Description	phpMyAdmin 4.7.x - Cross-Site Request Forgery
Ransomware campaign use	Known
Source publication date	Aug. 29, 2018
Exploit type	webapps
Platform	php
Source update date	Nov. 3, 2018

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000499

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000499

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-1000499

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/45284

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.phpmyadmin.net/security/PMASA-2017-9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.89365
EPSS Score	0.04997
Published At	Aug. 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:11:22.590329+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f9hx-5jq4-fgjm/GHSA-f9hx-5jq4-fgjm.json	37.0.0