phpMyAdmin up to 4.3.13.1/4.4.14.0 re-Captcha Protection AuthenticationCookie.class.php information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in phpMyAdmin up to 4.3.13.1/4.4.14.0. It has been classified as problematic. The affected element is an unknown function of the file libraries/plugins/auth/AuthenticationCookie.class.php of the component re-Captcha Protection. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2015-6830. Moreover, an exploit is present. Upgrading the affected component is recommended.
Details
A vulnerability was found in phpMyAdmin up to 4.3.13.1/4.4.14.0 (Database Administration Software). It has been declared as critical. Affected by this vulnerability is an unknown code block of the file libraries/plugins/auth/AuthenticationCookie.class.php of the component re-Captcha Protection. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.
The weakness was disclosed 09/14/2015 (Website). The advisory is shared at phpmyadmin.net. This vulnerability is known as CVE-2015-6830 since 09/08/2015. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known. MITRE ATT&CK project uses the attack technique T1592 for this issue.
It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. By approaching the search of inurl:libraries/plugins/auth/AuthenticationCookie.class.php it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 85986 , which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 175537 (Debian Security Update for phpmyadmin (DSA 3382-1)).
Upgrading to version 4.3.13.2 or 4.4.14.1 eliminates this vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (52414), Tenable (85986), SecurityFocus (BID 76674†), SecurityTracker (ID 1033546†) and Vulnerability Center (SBV-52838†). The entries VDB-68271, VDB-74383 and VDB-78930 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://www.phpmyadmin.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 85986
Nessus File: 🔍
Nessus Risk: 🔍
OpenVAS ID: 703382
OpenVAS Name: Debian Security Advisory DSA 3382-1 (phpmyadmin - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Upgrade: phpMyAdmin 4.3.13.2/4.4.14.1
Patch: github.com
Timeline
09/08/2015 🔍09/09/2015 🔍
09/13/2015 🔍
09/14/2015 🔍
09/14/2015 🔍
09/14/2015 🔍
09/21/2015 🔍
08/20/2025 🔍
Sources
Product: phpmyadmin.netAdvisory: 785f4e2711848eb8945894199d5870253a88584e
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-6830 (🔍)
GCVE (CVE): GCVE-0-2015-6830
GCVE (VulDB): GCVE-100-77677
OVAL: 🔍
SecurityFocus: 76674
SecurityTracker: 1033546
Vulnerability Center: 52838 - phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 Remote Security Bypass Vulnerability, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 09/14/2015 10:20Updated: 08/20/2025 17:35
Changes: 09/14/2015 10:20 (65), 03/01/2018 07:56 (7), 06/14/2022 22:24 (4), 06/14/2022 22:36 (1), 08/20/2025 17:35 (23)
Complete: 🔍
Cache ID: 216:79B:103
No comments yet. Languages: en.
Please log in to comment.