Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

  • Published: Dec 11, 2016
  • Updated: Nov 9, 2025
  • CVE: CVE-2016-9849
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
Composer icon phpmyadmin / phpmyadmin 4.0.10.15 4.0.10.15.x
Composer icon phpmyadmin / phpmyadmin 4.0.0 4.0.0.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.17 4.0.10.17.x
Composer icon phpmyadmin / phpmyadmin 4.0.5 4.0.5.x
Composer icon phpmyadmin / phpmyadmin 4.0.3 4.0.3.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.10 4.0.10.10.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.13 4.0.10.13.x
Composer icon phpmyadmin / phpmyadmin 4.0.7 4.0.7.x
Composer icon phpmyadmin / phpmyadmin 4.0.10 4.0.10.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.4 4.0.10.4.x
Composer icon phpmyadmin / phpmyadmin 4.0.8 4.0.8.x
Composer icon phpmyadmin / phpmyadmin 4.0.2 4.0.2.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.1 4.0.10.1.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.14 4.0.10.14.x
Composer icon phpmyadmin / phpmyadmin 4.0.6 4.0.6.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.9 4.0.10.9.x
Composer icon phpmyadmin / phpmyadmin 4.0.4.1 4.0.4.1.x
Composer icon phpmyadmin / phpmyadmin 4.0.1 4.0.1.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.7 4.0.10.7.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.16 4.0.10.16.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.6 4.0.10.6.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.3 4.0.10.3.x
Composer icon phpmyadmin / phpmyadmin 4.0.4.2 4.0.4.2.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.11 4.0.10.11.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.5 4.0.10.5.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.12 4.0.10.12.x
Composer icon phpmyadmin / phpmyadmin 4.0.9 4.0.9.x
Composer icon phpmyadmin / phpmyadmin 4.0.4 4.0.4.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.8 4.0.10.8.x
Composer icon phpmyadmin / phpmyadmin 4.0.10.2 4.0.10.2.x
Composer icon phpmyadmin / phpmyadmin 4.6.1 4.6.1.x
Composer icon phpmyadmin / phpmyadmin 4.6.4 4.6.4.x
Composer icon phpmyadmin / phpmyadmin 4.6.0 4.6.0.x
Composer icon phpmyadmin / phpmyadmin 4.6.2 4.6.2.x
Composer icon phpmyadmin / phpmyadmin 4.6.3 4.6.3.x
Composer icon phpmyadmin / phpmyadmin 4.4.13.1 4.4.13.1.x
Composer icon phpmyadmin / phpmyadmin 4.4.6 4.4.6.x
Composer icon phpmyadmin / phpmyadmin 4.4.2 4.4.2.x
Composer icon phpmyadmin / phpmyadmin 4.4.1.1 4.4.1.1.x
Composer icon phpmyadmin / phpmyadmin 4.4.15 4.4.15.x
Composer icon phpmyadmin / phpmyadmin 4.4.14 4.4.14.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.4 4.4.15.4.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.6 4.4.15.6.x
Composer icon phpmyadmin / phpmyadmin 4.4.6.1 4.4.6.1.x
Composer icon phpmyadmin / phpmyadmin 4.4.0 4.4.0.x
Composer icon phpmyadmin / phpmyadmin 4.4.1 4.4.1.x
Composer icon phpmyadmin / phpmyadmin 4.4.11 4.4.11.x
Composer icon phpmyadmin / phpmyadmin 4.4.9 4.4.9.x
Composer icon phpmyadmin / phpmyadmin 4.4.8 4.4.8.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.2 4.4.15.2.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.5 4.4.15.5.x
Composer icon phpmyadmin / phpmyadmin 4.4.7 4.4.7.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.7 4.4.15.7.x
Composer icon phpmyadmin / phpmyadmin 4.4.3 4.4.3.x
Composer icon phpmyadmin / phpmyadmin 4.4.12 4.4.12.x
Composer icon phpmyadmin / phpmyadmin 4.4.5 4.4.5.x
Composer icon phpmyadmin / phpmyadmin 4.4.13 4.4.13.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.3 4.4.15.3.x
Composer icon phpmyadmin / phpmyadmin 4.4.10 4.4.10.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.8 4.4.15.8.x
Composer icon phpmyadmin / phpmyadmin 4.4.15.1 4.4.15.1.x
Composer icon phpmyadmin / phpmyadmin 4.4.4 4.4.4.x
Composer icon phpmyadmin / phpmyadmin 4.4.14.1 4.4.14.1.x