Description

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6609

Related Vulnerabilities

Magento CVE-2019-8150 Vulnerability (CVE-2019-8150)

Ruby Double Free Vulnerability (CVE-2022-28738)

Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-1134)

WordPress Plugin WP Infusionsoft WooCommerce Cross-Site Scripting (1.0.8)

Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)

Severity

High

Classification

CVE-2016-6609 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities