Description

An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6619

Related Vulnerabilities

WordPress Plugin Simply Poll SQL Injection (1.4.1)

WordPress Plugin post highlights Cross-Site Scripting (2.6)

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)

WordPress Plugin Mobile App Native (Make a mobile app-Native iPhone & Android Mobile App FREE) Arbitrary File Upload (3.0)

Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-2775)

Severity

High

Classification

CVE-2016-6619 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities