WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6611)

Description

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

Related Vulnerabilities

WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)

MediaWiki Release of Invalid Pointer or Reference Vulnerability (CVE-2022-28203)

WordPress Plugin Feed Changer & Remover Cross-Site Scripting (0.2)

MySQL Other Vulnerability (CVE-2016-0705)

Severity

High

Classification

CVE-2016-6611 CWE-138 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities