Description

An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6619

Related Vulnerabilities

WordPress Plugin AutomatorWP-The most flexible and powerful no-code automation for WordPress Cross-Site Request Forgery (2.5.8)

WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000208)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5335)

Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)

Severity

High

Classification

CVE-2016-6619 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities