CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6619
https://notcve.org/view.php?id=CVE-2016-6619
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. En la característica de preferencia de interfaz de usuario, un usuario puede ejecutar un ataque de inyección SQL contra la cuenta del usuario de control. • http://www.securityfocus.com/bid/95048 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2016-6607
https://notcve.org/view.php?id=CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrieron problemas de XSS en phpMyAdmin. Esto afecta a la búsqueda de Zoom (contenido de columna especialmente manipulado puede ser utilizado para desencadenar un ataque XSS); GIS editor (ciertos campos en el gráfico GIS editor no se evaden adecuadamente y puede ser utilizado para desencadenar un ataque XSS); Relation view; las siguientes transformaciones: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline y transformation wrapper; XML export; MediaWiki export; Designer; Cuando el servidor MySQL se ejecuta con una directiva log_bin especialmente manipulada; pestaña de base de datos; función de replicación; y búsqueda de base de datos. • http://www.securityfocus.com/bid/93257 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6627
https://notcve.org/view.php?id=CVE-2016-6627
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un atacante puede determinar la localización del host phpMyAdmin a través del archivo url.php. • http://www.securityfocus.com/bid/92494 https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-50 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9862
https://notcve.org/view.php?id=CVE-2016-9862
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. Se descubrió un problema en phpMyAdmin. Con una solicitud de inicio de sesión manipulada es posible inyectar BBCode en la página de inicio de sesión. • http://www.securityfocus.com/bid/94528 https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-67 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2016-6609
https://notcve.org/view.php?id=CVE-2016-6609
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Se descubrió un problema en phpMyAdmin. Un nombre de base de datos especialmente manipulado podría ser utilizado para ejecutar comandos PHP arbitrarios a través de la función de exportación del array. • http://www.securityfocus.com/bid/94112 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-32 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •