Description

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.

Remediation

References

CVE-2016-6617

Related Vulnerabilities

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark SQL Injection (2.8.6)

WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)

WordPress Plugin Essential Widgets Security Bypass (1.8)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6297)

WordPress Plugin Easy2Map Photos Cross-Site Scripting (2.0.6)

Severity

High

Classification

CVE-2016-6617 CWE-138 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities