SQL Injection Vulnerability in phpMyAdmin Affects Multiple Versions
CVE-2016-6611

8.1HIGH

Key Information:

Vendor
PHPmyadmin
Status
PHPmyadmin
Vendor
CVE Published:
11 December 2016

Summary

A vulnerability exists in phpMyAdmin where specially crafted database or table names can be exploited to conduct SQL injection attacks through the export functionality. This flaw impacts phpMyAdmin versions 4.6.x, 4.4.x, and 4.0.x prior to their respective patch releases. It is essential for users of affected versions to apply security updates promptly to safeguard their systems from potential exploitation.

References

https://www.phpmyadmin.net/security/PMASA-2016-34
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94117
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201701-32
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.