Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6619)

Description

An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

Related Vulnerabilities

WordPress Plugin VO Store Locator-WP Store Locator Unspecified Vulnerability (3.2.14)

WordPress Plugin WordPress Filter Gallery Security Bypass (0.0.6)

MySQL CVE-2019-3018 Vulnerability (CVE-2019-3018)

WordPress Plugin Events Manager Extended Multiple HTML Injection Vulnerabilities (3.1.2)

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Local/Remote File Inclusion (2.3.3)

Severity

High

Classification

CVE-2016-6619 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities