CVE-2016-5732

Gentoo Linux Security Advisory 201701-32

Severity Score

6.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.

Múltiples vulnerabilidades de XSS en la implementación de partition-range en templates/table/structure/display_partitions.phtml en la página table-structure en phpMyAdmin 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una tabla de parámetros manipulada.

Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution. Versions less than 4.6.5.1 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-06-21 CVE Reserved
2016-07-03 CVE Published
2024-08-06 CVE Updated
2025-04-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d68821fea9c47b5f5	2017-07-01
https://github.com/phpmyadmin/phpmyadmin/commit/792cd1262f012b9b13639519d414f2acaeb5e972	2017-07-01
https://www.phpmyadmin.net/security/PMASA-2016-25	2017-07-01

URL	Date	SRC
https://security.gentoo.org/glsa/201701-32	2017-07-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				4.6.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.6.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				4.6.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.6.0"		alpha1		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				4.6.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.6.0"		rc1		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				4.6.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.6.0"		rc2		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				4.6.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.6.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				4.6.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "4.6.2"		-		Affected