Description

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6609

Related Vulnerabilities

Oracle JRE CVE-2019-2987 Vulnerability (CVE-2019-2987)

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845)

MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1626)

WordPress Plugin BuddyPress Arbitrary File Deletion (2.7.3)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4790)

Severity

High

Classification

CVE-2016-6609 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities