Description

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

Remediation

References

CVE-2016-6616

Related Vulnerabilities

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2339)

Nginx Out-of-bounds Write Vulnerability (CVE-2022-41741)

Python Incorrect Type Conversion or Cast Vulnerability (CVE-2020-10735)

Joomla Improper Input Validation Vulnerability (CVE-2020-11890)

WordPress Plugin NextMove Lite-Thank You Page for WooCommerce Cross-Site Request Forgery (2.18.1)

Severity

High

Classification

CVE-2016-6616 CWE-138 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities