Description

An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6613

Related Vulnerabilities

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2080)

WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2)

MongoDb Improper Input Validation Vulnerability (CVE-2020-7925)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17223)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (1.1.59)

Severity

Medium

Classification

CVE-2016-6613 CWE-200 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities