CVE-2016-5703 — SQL Injection in Phpmyadmin

CWE-89 — SQL Injection8 documents5 sources

Severity

9.8CRITICALNVD

EPSS

1.6%

top 18.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Opensuse Leap +1 more

Timeline

PublishedJul 3

Latest updateMay 14

Description

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.3-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.6.3-1+3

▶NVDphpmyadmin/phpmyadmin28 versions+27

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

Patches

Patch: github.com ↗Patch: www.phpmyadmin.net ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mgpp-4w68-qf76: SQL injection vulnerability in libraries/central_columns↗2022-05-14

▶

OSV

CVE-2016-5703: SQL injection vulnerability in libraries/central_columns↗2016-07-03

▶

📋Vendor Advisories

Debian

CVE-2016-5703: phpmyadmin - SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4...↗2016

▶

💬Community

Bugzilla

CVE-2016-5701 CVE-2016-5702 CVE-2016-5703 CVE-2016-5704 CVE-2016-5705 CVE-2016-5706 CVE-2016-5730 CVE-2016-5731 CVE-2016-5732 CVE-2016-5733 CVE-2016-5734 CVE-2016-5739 phpMyAdmin: 4.6.3, 4.4.15.7 and ↗2016-06-23

▶

Bugzilla

▶

Bugzilla

▶

Bugzilla

▶