Description

An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6613

Related Vulnerabilities

Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.2)

phpMyFAQ Improper Access Control Vulnerability (CVE-2024-22202)

WordPress Plugin Simple add pages or posts Cross-Site Request Forgery (1.6)

WordPress Plugin Cart66 Lite::WordPress Ecommerce SQL Injection (1.5.1.17)

Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068)

Severity

Medium

Classification

CVE-2016-6613 CWE-200 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities