CVE-2016-9849
- Source
- https://cve.org/CVERecord?id=CVE-2016-9849
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9849.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9849
- Downstream
- Related
- Published
- 2016-12-11T02:59:47.083Z
- Modified
- 2026-03-10T14:15:05.700006Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
- References
Affected packages
Git / github.com/phpmyadmin/phpmyadmin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpmyadmin/phpmyadmin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "4.0.0" }, { "introduced": "0" }, { "last_affected": "4.0.1" }, { "introduced": "0" }, { "last_affected": "4.0.2" }, { "introduced": "0" }, { "last_affected": "4.0.3" }, { "introduced": "0" }, { "last_affected": "4.0.4" }, { "introduced": "0" }, { "last_affected": "4.0.4.1" }, { "introduced": "0" }, { "last_affected": "4.0.4.2" }, { "introduced": "0" }, { "last_affected": "4.0.5" }, { "introduced": "0" }, { "last_affected": "4.0.6" }, { "introduced": "0" }, { "last_affected": "4.0.7" }, { "introduced": "0" }, { "last_affected": "4.0.8" }, { "introduced": "0" }, { "last_affected": "4.0.9" }, { "introduced": "0" }, { "last_affected": "4.0.10" }, { "introduced": "0" }, { "last_affected": "4.0.10.1" }, { "introduced": "0" }, { "last_affected": "4.0.10.2" }, { "introduced": "0" }, { "last_affected": "4.0.10.3" }, { "introduced": "0" }, { "last_affected": "4.0.10.4" }, { "introduced": "0" }, { "last_affected": "4.0.10.5" }, { "introduced": "0" }, { "last_affected": "4.0.10.6" }, { "introduced": "0" }, { "last_affected": "4.0.10.7" }, { "introduced": "0" }, { "last_affected": "4.0.10.8" }, { "introduced": "0" }, { "last_affected": "4.0.10.9" }, { "introduced": "0" }, { "last_affected": "4.0.10.10" }, { "introduced": "0" }, { "last_affected": "4.0.10.11" }, { "introduced": "0" }, { "last_affected": "4.0.10.12" }, { "introduced": "0" }, { "last_affected": "4.0.10.13" }, { "introduced": "0" }, { "last_affected": "4.0.10.14" }, { "introduced": "0" }, { "last_affected": "4.0.10.15" }, { "introduced": "0" }, { "last_affected": "4.0.10.16" }, { "introduced": "0" }, { "last_affected": "4.0.10.17" }, { "introduced": "0" }, { "last_affected": "4.6.0" }, { "introduced": "0" }, { "last_affected": "4.6.1" }, { "introduced": "0" }, { "last_affected": "4.6.2" }, { "introduced": "0" }, { "last_affected": "4.6.3" }, { "introduced": "0" }, { "last_affected": "4.6.4" }, { "introduced": "0" }, { "last_affected": "4.4.0" }, { "introduced": "0" }, { "last_affected": "4.4.1" }, { "introduced": "0" }, { "last_affected": "4.4.1.1" }, { "introduced": "0" }, { "last_affected": "4.4.2" }, { "introduced": "0" }, { "last_affected": "4.4.3" }, { "introduced": "0" }, { "last_affected": "4.4.4" }, { "introduced": "0" }, { "last_affected": "4.4.5" }, { "introduced": "0" }, { "last_affected": "4.4.6" }, { "introduced": "0" }, { "last_affected": "4.4.6.1" }, { "introduced": "0" }, { "last_affected": "4.4.7" }, { "introduced": "0" }, { "last_affected": "4.4.8" }, { "introduced": "0" }, { "last_affected": "4.4.9" }, { "introduced": "0" }, { "last_affected": "4.4.10" }, { "introduced": "0" }, { "last_affected": "4.4.11" }, { "introduced": "0" }, { "last_affected": "4.4.12" }, { "introduced": "0" }, { "last_affected": "4.4.13" }, { "introduced": "0" }, { "last_affected": "4.4.13.1" }, { "introduced": "0" }, { "last_affected": "4.4.14" }, { "introduced": "0" }, { "last_affected": "4.4.14.1" }, { "introduced": "0" }, { "last_affected": "4.4.15" }, { "introduced": "0" }, { "last_affected": "4.4.15.1" }, { "introduced": "0" }, { "last_affected": "4.4.15.2" }, { "introduced": "0" }, { "last_affected": "4.4.15.3" }, { "introduced": "0" }, { "last_affected": "4.4.15.4" }, { "introduced": "0" }, { "last_affected": "4.4.15.5" }, { "introduced": "0" }, { "last_affected": "4.4.15.6" }, { "introduced": "0" }, { "last_affected": "4.4.15.7" }, { "introduced": "0" }, { "last_affected": "4.4.15.8" } ] }
Affected versions
Other
RELEASE_2_10_0
RELEASE_2_10_0RC1
RELEASE_2_10_0_1
RELEASE_2_10_0_2
RELEASE_2_10_1RC1
RELEASE_2_10_2
RELEASE_2_10_3
RELEASE_2_10_3RC1
RELEASE_2_11_0
RELEASE_2_11_0BETA1
RELEASE_2_11_0RC1
RELEASE_2_11_0RC2
RELEASE_2_11_1
RELEASE_2_11_10
RELEASE_2_11_10_1
RELEASE_2_11_11
RELEASE_2_11_11RC1
RELEASE_2_11_11_1
RELEASE_2_11_11_2
RELEASE_2_11_11_3
RELEASE_2_11_1RC1
RELEASE_2_11_1_1
RELEASE_2_11_1_2
RELEASE_2_11_2
RELEASE_2_11_2RC1
RELEASE_2_11_2_1
RELEASE_2_11_2_2
RELEASE_2_11_3
RELEASE_2_11_3RC1
RELEASE_2_11_4
RELEASE_2_11_4RC1
RELEASE_2_11_5
RELEASE_2_11_5RC1
RELEASE_2_11_5_1
RELEASE_2_11_5_2
RELEASE_2_11_6
RELEASE_2_11_6RC1
RELEASE_2_11_7
RELEASE_2_11_7RC1
RELEASE_2_11_7RC2
RELEASE_2_11_7_1
RELEASE_2_11_8
RELEASE_2_11_8RC1
RELEASE_2_11_8_1
RELEASE_2_11_9
RELEASE_2_11_9_1
RELEASE_2_11_9_2
RELEASE_2_11_9_3
RELEASE_2_11_9_4
RELEASE_2_11_9_5
RELEASE_2_11_9_6
RELEASE_2_2_0
RELEASE_2_2_1
RELEASE_2_2_2
RELEASE_2_2_3
RELEASE_2_2_4
RELEASE_2_2_5
RELEASE_2_2_6
RELEASE_2_2_7PL1
RELEASE_2_3_0
RELEASE_2_3_1
RELEASE_2_3_2
RELEASE_2_3_3PL1
RELEASE_2_4_0
RELEASE_2_5_0
RELEASE_2_5_1
RELEASE_2_5_2
RELEASE_2_5_4
RELEASE_2_5_5PL1
RELEASE_2_5_6
RELEASE_2_5_7PL1
RELEASE_2_6_1PL3
RELEASE_2_6_2PL1
RELEASE_2_6_3PL1
RELEASE_2_6_4PL4
RELEASE_2_7_0PL2
RELEASE_2_8_0_4
RELEASE_2_8_1
RELEASE_2_8_2_4
RELEASE_2_9_0
RELEASE_2_9_0_1
RELEASE_2_9_0_2
RELEASE_2_9_1_1
RELEASE_2_9_2
RELEASE_2_9_2RC1
RELEASE_3_0_0
RELEASE_3_0_0ALPHA
RELEASE_3_0_0BETA
RELEASE_3_0_0RC1
RELEASE_3_0_0RC2
RELEASE_3_0_1
RELEASE_3_0_1RC1
RELEASE_3_0_1_1
RELEASE_3_1_0
RELEASE_3_1_0BETA1
RELEASE_3_1_0RC1
RELEASE_3_1_1
RELEASE_3_1_2
RELEASE_3_1_2RC1
RELEASE_3_1_3
RELEASE_3_1_3RC1
RELEASE_3_1_3_1
RELEASE_3_1_3_2
RELEASE_3_1_4
RELEASE_3_1_4RC1
RELEASE_3_1_4RC2
RELEASE_3_1_5
RELEASE_3_1_5RC1
RELEASE_3_2_0
RELEASE_3_2_0BETA1
RELEASE_3_2_0RC1
RELEASE_3_2_0_1
RELEASE_3_2_2
RELEASE_3_2_2RC1
RELEASE_3_2_2_1
RELEASE_3_2_3
RELEASE_3_2_3RC1
RELEASE_3_2_4
RELEASE_3_2_4RC1
RELEASE_3_2_5
RELEASE_3_2_5RC1
RELEASE_3_2_5RC2
RELEASE_3_3_0
RELEASE_3_3_0ALPHA1
RELEASE_3_3_0BETA1
RELEASE_3_3_0RC1
RELEASE_3_3_0RC2
RELEASE_3_3_0RC3
RELEASE_3_3_1
RELEASE_3_3_10
RELEASE_3_3_10RC1
RELEASE_3_3_10_1
RELEASE_3_3_10_2
RELEASE_3_3_10_3
RELEASE_3_3_10_4
RELEASE_3_3_10_5
RELEASE_3_3_1RC1
RELEASE_3_3_2
RELEASE_3_3_2RC1
RELEASE_3_3_3
RELEASE_3_3_3RC1
RELEASE_3_3_4
RELEASE_3_3_4RC1
RELEASE_3_3_5
RELEASE_3_3_5RC1
RELEASE_3_3_5_1
RELEASE_3_3_6
RELEASE_3_3_6RC1
RELEASE_3_3_7
RELEASE_3_3_7RC1
RELEASE_3_3_8
RELEASE_3_3_8RC1
RELEASE_3_3_8_1
RELEASE_3_3_9
RELEASE_3_3_9RC1
RELEASE_3_3_9_1
RELEASE_3_3_9_2
RELEASE_3_4_0
RELEASE_3_4_0ALPHA1
RELEASE_3_4_0ALPHA2
RELEASE_3_4_0BETA1
RELEASE_3_4_0BETA2
RELEASE_3_4_0BETA3
RELEASE_3_4_0BETA4
RELEASE_3_4_0RC1
RELEASE_3_4_0RC2
RELEASE_3_4_1
RELEASE_3_4_10
RELEASE_3_4_10RC1
RELEASE_3_4_10_1
RELEASE_3_4_11
RELEASE_3_4_11RC1
RELEASE_3_4_11_1
RELEASE_3_4_1RC1
RELEASE_3_4_2
RELEASE_3_4_2RC1
RELEASE_3_4_3
RELEASE_3_4_3RC1
RELEASE_3_4_3_1
RELEASE_3_4_3_2
RELEASE_3_4_4
RELEASE_3_4_4RC1
RELEASE_3_4_5
RELEASE_3_4_5RC1
RELEASE_3_4_6
RELEASE_3_4_6RC1
RELEASE_3_4_7
RELEASE_3_4_7RC1
RELEASE_3_4_7_1
RELEASE_3_4_8
RELEASE_3_4_8RC1
RELEASE_3_4_9
RELEASE_3_4_9RC1
RELEASE_3_5_0
RELEASE_3_5_0ALPHA1
RELEASE_3_5_0BETA1
RELEASE_3_5_0RC1
RELEASE_3_5_0RC2
RELEASE_3_5_1
RELEASE_3_5_1RC1
RELEASE_3_5_2
RELEASE_3_5_2RC1
RELEASE_3_5_2_1
RELEASE_3_5_2_2
RELEASE_3_5_3
RELEASE_3_5_3RC1
RELEASE_3_5_4
RELEASE_3_5_4RC1
RELEASE_3_5_5RC1
RELEASE_3_5_6
RELEASE_3_5_6RC1
RELEASE_3_5_7
RELEASE_3_5_7RC1
RELEASE_3_5_8
RELEASE_3_5_8RC1
RELEASE_3_5_8_1
RELEASE_4_0_0
RELEASE_4_0_0ALPHA1
RELEASE_4_0_0ALPHA2
RELEASE_4_0_0BETA1
RELEASE_4_0_0BETA2
RELEASE_4_0_0BETA3
RELEASE_4_0_0RC1
RELEASE_4_0_0RC2
RELEASE_4_0_0RC3
RELEASE_4_0_0RC4