Description

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6625

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1460)

Joomla! Core 3.x.x Prototype Pollution (3.0.0 - 3.9.4)

WordPress Plugin Video Embed SQL Injection (1.0)

WordPress Plugin CP Contact Form with PayPal Multiple Vulnerabilities (1.1.5)

WordPress Plugin EZ Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

Severity

Medium

Classification

CVE-2016-6625 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities