Description

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6609

Related Vulnerabilities

MySQL CVE-2020-2589 Vulnerability (CVE-2020-2589)

WordPress Plugin Colorful Categories Cross-Site Request Forgery (2.0.14)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4863)

SharePoint Out-of-bounds Read Vulnerability (CVE-2020-1342)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2935)

Severity

High

Classification

CVE-2016-6609 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities