Description

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

Remediation

References

CVE-2016-6616

Related Vulnerabilities

WordPress Plugin Fancy Product Designer-WooCommerce SQL Injection (4.7.4)

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7149)

Moodle Improper Privilege Management Vulnerability (CVE-2019-3849)

WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.1)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-38745)

Severity

High

Classification

CVE-2016-6616 CWE-138 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities