CVE-2016-6629

9.8CRITICAL

Key Information:

Vendor
PHPmyadmin
Status
PHPmyadmin
Vendor
CVE Published:
11 December 2016

Summary

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

References

https://www.phpmyadmin.net/security/PMASA-2016-52
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92493
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201701-32
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.