Description

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Remediation

References

CVE-2016-9850

Related Vulnerabilities

WebLogic CVE-2023-22031 Vulnerability (CVE-2023-22031)

WordPress Plugin Row Seats Core Unspecified Vulnerability (2.66)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33943)

WordPress Plugin Church Admin 'id' Parameter Cross-Site Scripting (0.33.4.5)

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3980)

Severity

Medium

Classification

CVE-2016-9850 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities