Description

An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.

Remediation

References

CVE-2016-6616

Related Vulnerabilities

WordPress Plugin Catch Breadcrumb Cross-Site Scripting (1.5.4)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-41224)

Oracle Database Server CVE-2006-0282 Vulnerability (CVE-2006-0282)

Plone CMS Improper Input Validation Vulnerability (CVE-2015-7318)

Sqlite Use After Free Vulnerability (CVE-2020-11656)

Severity

High

Classification

CVE-2016-6616 CWE-138 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities