Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2016-6609)

Description

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

Related Vulnerabilities

phpMyAdmin Resource Management Errors Vulnerability (CVE-2016-6632)

Drupal Improper Input Validation Vulnerability (CVE-2022-25271)

TYPO3 Other Vulnerability (CVE-2007-1081)

MySQL CVE-2018-3084 Vulnerability (CVE-2018-3084)

WordPress Plugin Popup Anything-A Marketing Popup Cross-Site Scripting (2.0.3)

Severity

High

Classification

CVE-2016-6609 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities