CVE-2021-26939

7.5 HIGH

📋 TL;DR

This CVE describes an information disclosure vulnerability in henriquedornas 5.2.17 that allows attackers to dump phpMyAdmin SQL content, potentially exposing sensitive database information. The vulnerability affects systems running the vulnerable version of henriquedornas with phpMyAdmin. Third-party reports suggest this may be a site-specific configuration issue rather than a universal vulnerability.

💻 Affected Systems

Products:
  • henriquedornas
Versions: 5.2.17
Operating Systems: Linux-based systems where henriquedornas is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Third-party reports indicate this may be site-specific rather than a universal vulnerability in the software. Requires phpMyAdmin to be present and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete exposure of all phpMyAdmin-managed databases including sensitive data like credentials, personal information, and proprietary business data.

🟠 Likely Case

Partial database exposure depending on attacker's access level and system configuration, potentially revealing sensitive information.

🟢 If Mitigated

No data exposure if proper access controls, network segmentation, and authentication are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation appears straightforward based on available information. The vulnerability allows dumping SQL content without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Restrict phpMyAdmin Access (Linux)

Limit access to the phpMyAdmin interface using web server configuration or firewall rules. The web server rule is the more precise option: the iptables example below drops all traffic to port 80 from outside the listed network, not just phpMyAdmin requests, so use it only on a host where that is acceptable.

# Example: Restrict to specific IPs in Apache 2.4 (adjust the path and network to your deployment)
<Directory "/usr/share/phpmyadmin">
    Require ip 192.168.1.0/24
</Directory>
# Example: iptables rule (negation goes before the -s option in current iptables syntax)
iptables -A INPUT -p tcp --dport 80 ! -s 192.168.1.0/24 -j DROP

Remove or Disable phpMyAdmin (Linux)

Remove phpMyAdmin if it is not required, or disable access to it.

# Remove phpMyAdmin (Debian/Ubuntu package)
apt remove phpmyadmin
# Disable the phpMyAdmin directory so the web server no longer serves it
mv /usr/share/phpmyadmin /usr/share/phpmyadmin.disabled

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the phpMyAdmin interface
  • Enable authentication and use strong credentials for phpMyAdmin access

🔍 How to Verify

Check if Vulnerable:

Check if henriquedornas version 5.2.17 is installed and phpMyAdmin is accessible. Review system logs for unauthorized access attempts to phpMyAdmin.

Check Version:

Check package manager or application version files specific to your distribution

Verify Fix Applied:

Verify phpMyAdmin is no longer accessible or is properly secured. Test access from unauthorized networks.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to phpMyAdmin URLs
  • Large SQL export operations
  • Unusual database query patterns

Network Indicators:

  • Unexpected traffic to phpMyAdmin port (typically 80/443)
  • SQL dump file transfers

SIEM Query:

source="web_server" AND (url="*phpmyadmin*" OR url="*sql*" OR url="*export*") AND status="200" AND src_ip NOT IN [allowed_ips]
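The SIEM query above expresses the detection idea in pseudo-syntax. The following script is an added example, not part of this advisory or of any vendor tooling: it applies the same logic to Apache/nginx combined-format access log lines, flagging successful (HTTP 200) requests to phpMyAdmin, export or .sql paths from addresses outside an allow-list, and separately flagging unusually large responses on those paths as possible SQL dumps. The allow-list network, the 1 MB dump threshold and the sample log lines are all constructed assumptions; tune them to your environment.

```python
"""Flag phpMyAdmin-related requests in combined-format web access logs.

Added example for CVE-2021-26939 monitoring; the allow-list, size threshold and
sample log lines below are constructed assumptions, not data from the advisory.
"""
import ipaddress
import re
from typing import Iterable

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed administrative network; mirrors the "allowed_ips" placeholder in the SIEM query.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Paths of interest: the phpMyAdmin tree, its export script, and raw .sql files.
SUSPICIOUS_PATH = re.compile(r"phpmyadmin|/export\.php|\.sql\b", re.IGNORECASE)
# Responses at or above this size on a suspicious path are treated as a possible dump (assumption).
DUMP_SIZE_BYTES = 1_000_000


def is_allowed(ip: str) -> bool:
    """True if the client address falls inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address is never trusted
    return any(addr in net for net in ALLOWED_NETS)


def analyse(lines: Iterable[str]) -> list[dict]:
    """Return one finding per suspicious log line, each with the reasons it was flagged."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not SUSPICIOUS_PATH.search(m["path"]):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        reasons = []
        # Successful access to phpMyAdmin from outside the allow-list.
        if status == 200 and not is_allowed(m["ip"]):
            reasons.append("phpmyadmin_access_from_unallowed_ip")
        # Large response body on a phpMyAdmin/export path: possible SQL dump leaving the server.
        if size >= DUMP_SIZE_BYTES:
            reasons.append("large_response_possible_sql_dump")
        if reasons:
            findings.append(
                {"ip": m["ip"], "path": m["path"], "status": status, "size": size, "reasons": reasons}
            )
    return findings


# Constructed sample log lines (not real traffic): one allowed admin, one blocked probe,
# one successful access from outside the allow-list, one large export, one unrelated request.
SAMPLE_LOG = [
    '192.168.1.10 - - [10/Mar/2021:10:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2021:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 199 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Mar/2021:10:00:03 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Mar/2021:10:00:09 +0000] "POST /phpmyadmin/export.php HTTP/1.1" 200 48123456 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Mar/2021:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Run it against your own log with `analyse(open("/var/log/apache2/access.log"))`; the 403 probe is deliberately not flagged, since a blocked request is what the Apache restriction above should produce, but you may want to count repeated 403s per source as a separate reconnaissance signal.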
