Description

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6624

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2359)

WordPress Plugin Funnel Builder by CartFlows-Create High Converting Sales Funnels For WordPress Privilege Escalation (1.3.0)

MySQL CVE-2012-1703 Vulnerability (CVE-2012-1703)

WordPress Plugin WP Symposium Pro Social Network Multiple Vulnerabilities (15.12)

Mailman Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4624)

Severity

Medium

Classification

CVE-2016-6624 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities