CVE-2016-6611SQL Injection in Phpmyadmin

CWE-89SQL Injection4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 41.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedDec 11
Latest updateMay 17

Description

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.6.4+dfsg1-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:4.6.4+dfsg1-1+3
NVDphpmyadmin/phpmyadmin59 versions+58

Patches

Patch: www.phpmyadmin.netPatch: www.phpmyadmin.net

🔴Vulnerability Details

2
GHSA
GHSA-94c8-rc5m-5x39: An issue was discovered in phpMyAdmin2022-05-17
OSV
CVE-2016-6611: An issue was discovered in phpMyAdmin2016-12-11

📋Vendor Advisories

1
Debian
CVE-2016-6611: phpmyadmin - An issue was discovered in phpMyAdmin. A specially crafted database and/or table...2016