Description

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6614

Related Vulnerabilities

WordPress Plugin Redirection for Contact Form 7 Multiple Vulnerabilities (2.3.3)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2017-1000014)

WordPress Plugin Dtracker Multiple Vulnerabilities (1.5)

ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9129)

WordPress Plugin Gallery-Responsive Photo and Video Gallery by Limb Cross-Site Scripting (1.3.2)

Severity

Medium

Classification

CVE-2016-6614 CWE-22 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities