High severity8.8NVD Advisory· Published Jan 3, 2018· Updated Jun 17, 2026
CVE-2017-1000499
CVE-2017-1000499
Description
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 4.7, < 4.7.7 | 4.7.7 |
Affected products
3- ghsa-coords3 versionspkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012
>= 4.7, < 4.7.7+ 2 more
- (no CPE)range: >= 4.7, < 4.7.7
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.7.8-17.1
Patches
Vulnerability mechanics
References
10- www.phpmyadmin.net/security/PMASA-2017-9/nvdPatchVendor Advisory
- cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/nvdExploitPatchThird Party Advisory
- www.exploit-db.com/exploits/45284/nvdExploitThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040163nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-f9hx-5jq4-fgjmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1000499ghsaADVISORY
- cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-clickghsaWEB
- web.archive.org/web/20201208204518/http://www.securitytracker.com/id/1040163ghsaWEB
- www.exploit-db.com/exploits/45284ghsaWEB
- www.phpmyadmin.net/security/PMASA-2017-9ghsaWEB
News mentions
0No linked articles in our index yet.