CVE-2017-1000499

HIGH

phpMyAdmin 4.7.0-4.7.6 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-1000499. PoCs published by VulnSpy, Villaquiranm.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF attacks against phpMyAdmin 4.7.x, including table deletion, password modification, arbitrary file write, and data exfiltration via DNS. The PoC uses crafted URLs and hidden image tags to trigger malicious SQL queries.

Description

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Exploits (2)

exploitdb WORKING POC VERIFIED

by VulnSpy · textwebappsphp

https://www.exploit-db.com/exploits/45284

View Code ZIP pw:eip

This exploit demonstrates multiple CSRF attacks against phpMyAdmin 4.7.x, including table deletion, password modification, arbitrary file write, and data exfiltration via DNS. The PoC uses crafted URLs and hidden image tags to trigger malicious SQL queries.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: phpMyAdmin versions 4.7.x (prior to 4.7.7)

Auth required

Prerequisites: Victim must have an active session in phpMyAdmin · Attacker must trick victim into visiting a malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by Villaquiranm · poc

https://github.com/Villaquiranm/5MMISSI-CVE-2017-1000499

View Code ZIP pw:eip

This repository provides a functional proof-of-concept for CVE-2017-1000499, a CSRF vulnerability in phpMyAdmin versions 4.7.x prior to 4.7.6.1/4.7.7. It includes a Docker-based environment setup and a web-based exploit to demonstrate harmful database operations via crafted URLs.

Classification

Working Poc 90%

Attack Type

Csrf

Complexity

Moderate

Reliability

Reliable

Target: phpMyAdmin 4.7.x (prior to 4.7.6.1/4.7.7)

Auth required

Prerequisites: Docker installed · User interaction to click a crafted URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040163

Exploit, Patch, Third Party Advisory x_refsource_misc

http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45284/

Patch, Vendor Advisory x_refsource_confirm

https://www.phpmyadmin.net/security/PMASA-2017-9/

Scores

CVSS v3 8.8

EPSS 0.1144

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (2)

phpmyadmin/phpmyadmin 4.7 - 4.7.7Packagist

phpmyadmin/phpmyadmin 4.7.0 - 4.7.7

Published Jan 03, 2018

Tracked Since Feb 18, 2026