
CVSS: 5.3 | EPSS: 0% | CPEs: 33 | EXPL: 0

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.

References:
• http://www.securityfocus.com/bid/94527
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-63

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.1 | EPSS: 0% | CPEs: 64 | EXPL: 0

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

References:
• http://www.securityfocus.com/bid/94117
• https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-34

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 1% | CPEs: 60 | EXPL: 0

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

References:
• http://www.securityfocus.com/bid/95055
• https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-43

CWE-502: Deserialization of Untrusted Data

CVSS: 6.5 | EPSS: 0% | CPEs: 60 | EXPL: 0

An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

References:
• http://www.securityfocus.com/bid/92501
• https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-53

CWE-20: Improper Input Validation

CVSS: 6.1 | EPSS: 0% | CPEs: 30 | EXPL: 0

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

References:
• http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html
• http://www.debian.org/security/2016/dsa-3627
• http://www.securityfocus.com/bid/90877
• http://www.securitytracker.com/id/1035979
• https://github.com/phpmyadmin/phpmyadmin/commit/b061096abd992801fbbd805ef6ff74e627528780
• https://security.gentoo.org/glsa/201701-32
• https://www.phpmyadmin.net/security/PMASA-2016-16

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')