CVE-2016-6621 — Server-Side Request Forgery in Phpmyadmin

CWE-918 — Server-Side Request Forgery5 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.4%

top 40.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJan 31

Latest updateMay 14

Description

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.6-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.6.0 — 4.6.6+2

▶Debianphpmyadmin/phpmyadmin< 4:4.6.6-1+3

▶NVDphpmyadmin/phpmyadmin4.0.10.18+32

🔴Vulnerability Details

OSV

phpMyAdmin server-side request forgery (SSRF)↗2022-05-14

▶

GHSA

phpMyAdmin server-side request forgery (SSRF)↗2022-05-14

▶

OSV

CVE-2016-6621: The setup script for phpMyAdmin before 4↗2017-01-31

▶

📋Vendor Advisories

Debian

CVE-2016-6621: phpmyadmin - The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4....↗2016

▶