WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6611)

Description

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

Related Vulnerabilities

Joomla! Core 3.0.x Security Bypass (3.0.0 - 3.0.3)

WordPress Other Vulnerability (CVE-2007-1230)

WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2362)

WordPress Plugin WP Super Cache Multiple Vulnerabilities (1.4.4)

Severity

High

Classification

CVE-2016-6611 CWE-138 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities