Description

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

Remediation

References

CVE-2016-6616

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6102)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-4987)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4627)

WordPress Plugin WooPay-Inicis Cross-Site Scripting (1.1.3)

Oracle JRE CVE-2014-0459 Vulnerability (CVE-2014-0459)

Severity

High

Classification

CVE-2016-6616 CWE-138 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities