An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie, so identical values produce identical stored values. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same, but the attacker cannot directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
{"id": "ALPINE:CVE-2016-6606", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2016-6606", "description": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.", "published": "2016-12-11T02:59:00", "modified": "2017-07-01T01:30:00", "epss": [{"cve": "CVE-2016-6606", "epss": 0.00199, "percentile": 0.57485, "modified": "2023-12-02"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, 
"href": "https://security.alpinelinux.org/vuln/CVE-2016-6606", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2016-6606"], "immutableFields": [], "lastseen": "2023-12-02T17:25:20", "viewCount": 8, "enchantments": {"score": {"value": 6.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-6606"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1821-1:61580", "DEBIAN:DLA-1821-1:AF0F6", "DEBIAN:DLA-626-1:06B75"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-6606"]}, {"type": "freebsd", "idList": ["EF70B201-645D-11E6-9CDC-6805CA0B3D42"]}, {"type": "gentoo", "idList": ["GLSA-201701-32"]}, {"type": "mageia", "idList": ["MGASA-2016-0291"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1821.NASL", "DEBIAN_DLA-626.NASL", "FREEBSD_PKG_EF70B201645D11E69CDC6805CA0B3D42.NASL", "GENTOO_GLSA-201701-32.NASL", "OPENSUSE-2016-1021.NASL", "OPENSUSE-2016-1027.NASL", "PHPMYADMIN_PMASA_2016_29.NASL", "PHPMYADMIN_PMASA_4_6_4.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108128", "OPENVAS:1361412562310108129", "OPENVAS:1361412562310851387", "OPENVAS:1361412562310891821"]}, {"type": "osv", "idList": ["OSV:CVE-2016-6606", "OSV:DLA-626-1"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2016-29"]}, {"type": "prion", "idList": ["PRION:CVE-2016-6606"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2168-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-6606"]}]}, "vulnersScore": 6.9}, "_state": {"score": 1701538112, "dependencies": 1701546193}, "_internal": {"score_hash": "ba4752e89bf4f50624fb76f2b003d2f3"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "3.2-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "4.4.15.8-r0", "operator": "lt", "packageName": "phpmyadmin"}]}
{"cve": [{"lastseen": "2023-12-02T15:31:50", "description": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T02:59:00", "type": "cve", "title": "CVE-2016-6606", "cwe": ["CWE-200", "CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606"], "modified": "2017-07-01T01:30:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.4.15", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.9", 
"cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.9", "cpe:/a:phpmyadmin:phpmyadmin:4.0.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.11", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.15", "cpe:/a:phpmyadmin:phpmyadmin:4.4.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.6", "cpe:/a:phpmyadmin:phpmyadmin:4.0.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.10", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.8", "cpe:/a:phpmyadmin:phpmyadmin:4.6.0", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.8", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.13", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10", "cpe:/a:phpmyadmin:phpmyadmin:4.6.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.8", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.6", "cpe:/a:phpmyadmin:phpmyadmin:4.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.10", "cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.14", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.11", "cpe:/a:phpmyadmin:phpmyadmin:4.4.9", "cpe:/a:phpmyadmin:phpmyadmin:4.4.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.16", "cpe:/a:phpmyadmin:phpmyadmin:4.6.3", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.6", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.12", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.7", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.7", "cpe:/a:phpmyadmin:phpmyadmin:4.4.6", 
"cpe:/a:phpmyadmin:phpmyadmin:4.6.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.14", "cpe:/a:phpmyadmin:phpmyadmin:4.4.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.7", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.4", "cpe:/a:phpmyadmin:phpmyadmin:4.4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.4.15.5", "cpe:/a:phpmyadmin:phpmyadmin:4.4.12"], "id": "CVE-2016-6606", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6606", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-12-02T18:29:09", "description": "An 
issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T02:59:00", "type": "debiancve", "title": "CVE-2016-6606", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606"], "modified": "2016-12-11T02:59:00", "id": "DEBIANCVE:CVE-2016-6606", "href": "https://security-tracker.debian.org/tracker/CVE-2016-6606", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": 
"2023-06-27T02:17:04", "description": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.", "cvss3": {}, "published": "2016-12-11T02:59:00", "type": "osv", "title": "CVE-2016-6606", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2016-6606"], "modified": "2023-06-27T02:16:50", "id": "OSV:CVE-2016-6606", "href": "https://osv.dev/vulnerability/CVE-2016-6606", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-21T08:13:02", "description": "\nPhpmyadmin, a web administration tool for MySQL, had several\nvulnerabilities reported.\n\n\n* [CVE-2016-6606](https://security-tracker.debian.org/tracker/CVE-2016-6606)\nA pair of vulnerabilities were found affecting the way cookies are\n stored.\n\n\nThe decryption of the username/password is vulnerable to a padding\n oracle attack. The can allow an attacker who has access to a user's\n browser cookie file to decrypt the username and password.\n\n\nA vulnerability was found where the same initialization vector\n is used to hash the username and password stored in the phpMyAdmin\n cookie. 
If a user has the same password as their username, an\n attacker who examines the browser cookie can see that they are the\n same \u2014 but the attacker can not directly decode these values from\n the cookie as it is still hashed.\n* [CVE-2016-6607](https://security-tracker.debian.org/tracker/CVE-2016-6607)\nCross site scripting vulnerability in the replication feature\n* [CVE-2016-6609](https://security-tracker.debian.org/tracker/CVE-2016-6609)\nA specially crafted database name could be used to run arbitrary PHP\n commands through the array export feature.\n* [CVE-2016-6611](https://security-tracker.debian.org/tracker/CVE-2016-6611)\nA specially crafted database and/or table name can be used to trigger\n an SQL injection attack through the SQL export functionality.\n* [CVE-2016-6612](https://security-tracker.debian.org/tracker/CVE-2016-6612)\nA user can exploit the LOAD LOCAL INFILE functionality to expose\n files on the server to the database system.\n* [CVE-2016-6613](https://security-tracker.debian.org/tracker/CVE-2016-6613)\nA user can specially craft a symlink on disk, to a file which\n phpMyAdmin is permitted to read but the user is not, which\n phpMyAdmin will then expose to the user.\n* [CVE-2016-6614](https://security-tracker.debian.org/tracker/CVE-2016-6614)\nA vulnerability was reported with the %u username replacement\n functionality of the SaveDir and UploadDir features. When the\n username substitution is configured, a specially-crafted user name\n can be used to circumvent restrictions to traverse the file system.\n* [CVE-2016-6620](https://security-tracker.debian.org/tracker/CVE-2016-6620)\nA vulnerability was reported where some data is passed to the PHP\n unserialize() function without verification that it's valid\n serialized data. 
Due to how the PHP function operates,\n unserialization can result in code being loaded and executed due to\n object instantiation and autoloading, and a malicious user may be\n able to exploit this.\n Therefore, a malicious user may be able to manipulate the stored\n data in a way to exploit this weakness.\n* [CVE-2016-6622](https://security-tracker.debian.org/tracker/CVE-2016-6622)\nAn unauthenticated user is able to execute a denial-of-service\n attack by forcing persistent connections when phpMyAdmin is running\n with $cfg['AllowArbitraryServer']=true;.\n* [CVE-2016-6623](https://security-tracker.debian.org/tracker/CVE-2016-6623)\nA malicious authorized user can cause a denial-of-service attack\n on a server by passing large values to a loop.\n* [CVE-2016-6624](https://security-tracker.debian.org/tracker/CVE-2016-6624)\nA vulnerability was discovered where, under certain circumstances,\n it may be possible to circumvent the phpMyAdmin IP-based\n authentication rules.\n When phpMyAdmin is used with IPv6 in a proxy server environment,\n and the proxy server is in the allowed range but the attacking\n computer is not allowed, this vulnerability can allow the attacking\n computer to connect despite the IP rules.\n* [CVE-2016-6630](https://security-tracker.debian.org/tracker/CVE-2016-6630)\nAn authenticated user can trigger a denial-of-service attack by\n entering a very long password at the change password dialog.\n* [CVE-2016-6631](https://security-tracker.debian.org/tracker/CVE-2016-6631)\nA vulnerability was discovered where a user can execute a remote\n code execution attack against a server when phpMyAdmin is being\n run as a CGI application. 
Under certain server configurations,\n a user can pass a query string which is executed as a\n command-line argument by shell scripts.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n3.4.11.1-2+deb7u6.\n\n\nWe recommend that you upgrade your phpmyadmin packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-17T00:00:00", "type": "osv", "title": "phpmyadmin - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6614", "CVE-2016-6612", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6609", "CVE-2016-6622", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-6620", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6631"], "modified": "2022-07-21T05:54:38", "id": "OSV:DLA-626-1", "href": "https://osv.dev/vulnerability/DLA-626-1", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-11-22T03:37:27", "description": "An issue was 
discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T02:59:00", "type": "prion", "title": "Default credentials", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606"], "modified": "2017-07-01T01:30:00", "id": "PRION:CVE-2016-6606", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-6606", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "phpmyadmin": [{"lastseen": "2023-12-02T15:46:05", 
"description": "## PMASA-2016-29\n\n**Announcement-ID:** PMASA-2016-29\n\n**Date:** 2016-07-07\n\n### Summary\n\nWeakness with cookie encryption\n\n### Description\n\nA pair of vulnerabilities were found affecting the way cookies are stored.\n\n * The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password.\n * A vulnerability was found where the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same \u2014 but the attacker can not directly decode these values from the cookie as it is still hashed.\n\n### Severity\n\nWe consider this to be critical.\n\n### Affected Versions\n\nAll 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected\n\n### Solution\n\nUpgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below.\n\n### References\n\nThanks to Emanuel Bronshtein [@e3amn2l](<https://twitter.com/e3amn2l>) for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2016-6606](<https://vulners.com/cve/CVE-2016-6606>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>)\n\n### Patches\n\nThe following commits have been made on the 4.6 branch to fix this issue:\n\n * [a97be3a](<https://github.com/phpmyadmin/phpmyadmin/commit/a97be3a>)\n\nThe following commits have been made on the 4.4 branch to fix this issue:\n\n * [cd682a6](<https://github.com/phpmyadmin/phpmyadmin/commit/cd682a6>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [95b7b7d](<https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. 
Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-07-07T00:00:00", "type": "phpmyadmin", "title": "Weakness with cookie encryption", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606"], "modified": "2016-07-07T00:00:00", "id": "PHPMYADMIN:PMASA-2016-29", "href": "https://www.phpmyadmin.net/security/PMASA-2016-29/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-12-01T15:25:59", "description": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption\nof the username/password is vulnerable to a padding oracle attack. This can\nallow an attacker who has access to a user's browser cookie file to decrypt\nthe username and password. Furthermore, the same initialization vector (IV)\nis used to hash the username and password stored in the phpMyAdmin cookie.\nIf a user has the same password as their username, an attacker who examines\nthe browser cookie can see that they are the same - but the attacker can\nnot directly decode these values from the cookie as it is still hashed. 
All\n4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and\n4.0.x versions (prior to 4.0.10.17) are affected.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-11T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6606", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606"], "modified": "2016-12-11T00:00:00", "id": "UB:CVE-2016-6606", "href": "https://ubuntu.com/security/CVE-2016-6606", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2023-12-02T17:06:09", "description": "Package : phpmyadmin\nVersion : 3.4.11.1-2+deb7u6\nCVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6609 CVE-2016-6611\n CVE-2016-6612 CVE-2016-6613 CVE-2016-6614 CVE-2016-6620\n CVE-2016-6622 CVE-2016-6623 CVE-2016-6624 CVE-2016-6630\n CVE-2016-6631\n\nPhpmyadmin, a web administration tool for MySQL, had several\nvulnerabilities reported.\n\nCVE-2016-6606\n\n A pair of vulnerabilities were found affecting the way cookies are\n stored.\n\n The decryption of the username/password is vulnerable to a padding\n oracle attack. 
This can allow an attacker who has access to a user's\n browser cookie file to decrypt the username and password.\n\n A vulnerability was found where the same initialization vector\n is used to hash the username and password stored in the phpMyAdmin\n cookie. If a user has the same password as their username, an\n attacker who examines the browser cookie can see that they are the\n same \u2014 but the attacker can not directly decode these values from\n the cookie as it is still hashed.\n\nCVE-2016-6607\n\n Cross site scripting vulnerability in the replication feature\n\nCVE-2016-6609\n\n A specially crafted database name could be used to run arbitrary PHP\n commands through the array export feature.\n\nCVE-2016-6611\n\n A specially crafted database and/or table name can be used to trigger\n an SQL injection attack through the SQL export functionality.\n\nCVE-2016-6612\n\n A user can exploit the LOAD LOCAL INFILE functionality to expose\n files on the server to the database system.\n\nCVE-2016-6613\n\n A user can specially craft a symlink on disk, to a file which\n phpMyAdmin is permitted to read but the user is not, which\n phpMyAdmin will then expose to the user.\n\nCVE-2016-6614\n\n A vulnerability was reported with the %u username replacement\n functionality of the SaveDir and UploadDir features. When the\n username substitution is configured, a specially-crafted user name\n can be used to circumvent restrictions to traverse the file system.\n\nCVE-2016-6620\n\n A vulnerability was reported where some data is passed to the PHP\n unserialize() function without verification that it's valid\n serialized data. 
Due to how the PHP function operates,\n unserialization can result in code being loaded and executed due to\n object instantiation and autoloading, and a malicious user may be\n able to exploit this.\n Therefore, a malicious user may be able to manipulate the stored\n data in a way to exploit this weakness.\n\nCVE-2016-6622\n\n An unauthenticated user is able to execute a denial-of-service\n attack by forcing persistent connections when phpMyAdmin is running\n with $cfg['AllowArbitraryServer']=true;.\n\nCVE-2016-6623\n\n A malicious authorized user can cause a denial-of-service attack\n on a server by passing large values to a loop.\n\nCVE-2016-6624\n\n A vulnerability was discovered where, under certain circumstances,\n it may be possible to circumvent the phpMyAdmin IP-based\n authentication rules.\n When phpMyAdmin is used with IPv6 in a proxy server environment,\n and the proxy server is in the allowed range but the attacking\n computer is not allowed, this vulnerability can allow the attacking\n computer to connect despite the IP rules.\n\nCVE-2016-6630\n\n An authenticated user can trigger a denial-of-service attack by\n entering a very long password at the change password dialog.\n\nCVE-2016-6631\n\n A vulnerability was discovered where a user can execute a remote\n code execution attack against a server when phpMyAdmin is being\n run as a CGI application. 
Under certain server configurations,\n a user can pass a query string which is executed as a\n command-line argument by shell scripts.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.4.11.1-2+deb7u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n- -- \n --------------------- Ola Lundqvist ---------------------------\n/ opal@debian.org Folkebogatan 26 \\\n| ola@inguza.com 654 68 KARLSTAD |\n| http://inguza.com/ +46 (0)70-332 1551 |\n\\ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F /\n ---------------------------------------------------------------", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-09-17T21:19:36", "type": "debian", "title": "[SECURITY] [DLA 626-1] phpmyadmin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6609", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6620", 
"CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6630", "CVE-2016-6631"], "modified": "2016-09-17T21:19:36", "id": "DEBIAN:DLA-626-1:06B75", "href": "https://lists.debian.org/debian-lts-announce/2016/09/msg00019.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T12:12:47", "description": "Package : phpmyadmin\nVersion : 4:4.2.12-2+deb8u6\nCVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612\n CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627\n CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632\n CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864\n CVE-2019-12616\nDebian Bug : 930017\n\nMultiple security vulnerabilities were fixed in phpmyadmin, a MySQL web\nadministration tool, which prevent possible SQL injection attacks, CSRF,\nthe bypass of user restrictions, information disclosure or\ndenial-of-service.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-06-17T20:41:59", "type": "debian", "title": "[SECURITY] [DLA 1821-1] phpmyadmin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6624", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9861", "CVE-2016-9864", "CVE-2019-12616"], "modified": "2019-06-17T20:41:59", "id": "DEBIAN:DLA-1821-1:61580", "href": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T16:28:49", "description": "Package : phpmyadmin\nVersion : 4:4.2.12-2+deb8u6\nCVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612\n CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627\n CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632\n CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864\n CVE-2019-12616\nDebian Bug : 930017\n\nMultiple security vulnerabilities were fixed in phpmyadmin, a MySQL web\nadministration tool, which prevent possible SQL injection attacks, CSRF,\nthe bypass of user restrictions, information disclosure or\ndenial-of-service.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-17T20:41:59", "type": "debian", "title": "[SECURITY] [DLA 1821-1] phpmyadmin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6624", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9861", "CVE-2016-9864", "CVE-2019-12616"], "modified": "2019-06-17T20:41:59", "id": "DEBIAN:DLA-1821-1:AF0F6", "href": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-12-02T15:27:33", "description": "Phpmyadmin, a web administration tool for MySQL, had several vulnerabilities reported.\n\nCVE-2016-6606\n\nA pair of vulnerabilities were found affecting the way cookies are stored.\n\nThe decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password.\n\nA vulnerability was found where the same initialization vector is used to hash the username and password stored in the phpMyAdmin cookie. 
If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same — but the attacker can not directly decode these values from the cookie as it is still hashed.\n\nCVE-2016-6607\n\nCross site scripting vulnerability in the replication feature\n\nCVE-2016-6609\n\nA specially crafted database name could be used to run arbitrary PHP commands through the array export feature.\n\nCVE-2016-6611\n\nA specially crafted database and/or table name can be used to trigger a SQL injection attack through the SQL export functionality.\n\nCVE-2016-6612\n\nA user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system.\n\nCVE-2016-6613\n\nA user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user.\n\nCVE-2016-6614\n\nA vulnerability was reported with the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially crafted user name can be used to circumvent restrictions to traverse the file system.\n\nCVE-2016-6620\n\nA vulnerability was reported where some data is passed to the PHP unserialize() function without verification that it's valid serialized data. 
Due to how the PHP function operates, unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.\nTherefore, a malicious user may be able to manipulate the stored data in a way to exploit this weakness.\n\nCVE-2016-6622\n\nAn unauthenticated user is able to execute a denial of service attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true;.\n\nCVE-2016-6623\n\nA malicious authorized user can cause a denial of service attack on a server by passing large values to a loop.\n\nCVE-2016-6624\n\nA vulnerability was discovered where, under certain circumstances, it may be possible to circumvent the phpMyAdmin IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.\n\nCVE-2016-6630\n\nAn authenticated user can trigger a denial of service attack by entering a very long password at the change password dialog.\n\nCVE-2016-6631\n\nA vulnerability was discovered where a user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by shell scripts.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.4.11.1-2+deb7u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-19T00:00:00", "type": "nessus", "title": "Debian DLA-626-1 : phpmyadmin security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6609", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6630", "CVE-2016-6631"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:phpmyadmin", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-626.NASL", "href": "https://www.tenable.com/plugins/nessus/93566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-626-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93566);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6609\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6614\", \"CVE-2016-6620\", \"CVE-2016-6622\", \"CVE-2016-6623\", \"CVE-2016-6624\", \"CVE-2016-6630\", \"CVE-2016-6631\");\n\n script_name(english:\"Debian DLA-626-1 : phpmyadmin security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Phpmyadmin, a web administration tool for MySQL, had several\nvulnerabilities reported.\n\nCVE-2016-6606\n\nA pair of vulnerabilities were found affecting the way 
cookies are\nstored.\n\nThe decryption of the username/password is vulnerable to a\npadding oracle attack. The can allow an attacker who has\naccess to a user's browser cookie file to decrypt the\nusername and password.\n\nA vulnerability was found where the same initialization\nvector is used to hash the username and password stored in\nthe phpMyAdmin cookie. If a user has the same password as\ntheir username, an attacker who examines the browser cookie\ncan see that they are the same — but the attacker can\nnot directly decode these values from the cookie as it is\nstill hashed.\n\nCVE-2016-6607\n\nCross site scripting vulnerability in the replication feature\n\nCVE-2016-6609\n\nA specially crafted database name could be used to run arbitrary PHP\ncommands through the array export feature.\n\nCVE-2016-6611\n\nA specially crafted database and/or table name can be used to trigger\na SQL injection attack through the SQL export functionality.\n\nCVE-2016-6612\n\nA user can exploit the LOAD LOCAL INFILE functionality to expose files\non the server to the database system.\n\nCVE-2016-6613\n\nA user can specially craft a symlink on disk, to a file which\nphpMyAdmin is permitted to read but the user is not, which phpMyAdmin\nwill then expose to the user.\n\nCVE-2016-6614\n\nA vulnerability was reported with the %u username replacement\nfunctionality of the SaveDir and UploadDir features. When the username\nsubstitution is configured, a specially crafted user name can be used\nto circumvent restrictions to traverse the file system.\n\nCVE-2016-6620\n\nA vulnerability was reported where some data is passed to the PHP\nunserialize() function without verification that it's valid serialized\ndata. 
Due to how the PHP function operates, unserialization can result\nin code being loaded and executed due to object instantiation and\nautoloading, and a malicious user may be able to exploit this.\nTherefore, a malicious user may be able to manipulate the stored data\nin a way to exploit this weakness.\n\nCVE-2016-6622\n\nAn unauthenticated user is able to execute a denial of service attack\nby forcing persistent connections when phpMyAdmin is running with\n$cfg['AllowArbitraryServer']=true;.\n\nCVE-2016-6623\n\nA malicious authorized user can cause a denial of service attack on a\nserver by passing large values to a loop.\n\nCVE-2016-6624\n\nA vulnerability was discovered where, under certain circumstances, it\nmay be possible to circumvent the phpMyAdmin IP-based authentication\nrules. When phpMyAdmin is used with IPv6 in a proxy server\nenvironment, and the proxy server is in the allowed range but the\nattacking computer is not allowed, this vulnerability can allow the\nattacking computer to connect despite the IP rules.\n\nCVE-2016-6630\n\nAn authenticated user can trigger a denial of service attack by\nentering a very long password at the change password dialog.\n\nCVE-2016-6631\n\nA vulnerability was discovered where a user can execute a remote code\nexecution attack against a server when phpMyAdmin is being run as a\nCGI application. Under certain server configurations, a user can pass\na query string which is executed as a command-line argument by shell\nscripts.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.4.11.1-2+deb7u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/09/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"phpmyadmin\", reference:\"3.4.11.1-2+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:42", "description": "Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL web administration tool, which prevent possible SQL injection attacks, CSRF, the bypass of user restrictions, information disclosure or denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "Debian DLA-1821-1 : phpmyadmin security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6624", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9861", "CVE-2016-9864", "CVE-2019-12616"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:phpmyadmin", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1821.NASL", "href": "https://www.tenable.com/plugins/nessus/125957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1821-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125957);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6624\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-9849\", \"CVE-2016-9850\", \"CVE-2016-9861\", \"CVE-2016-9864\", \"CVE-2019-12616\");\n\n script_name(english:\"Debian DLA-1821-1 : phpmyadmin security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security 
vulnerabilities were fixed in phpmyadmin, a MySQL\nweb administration tool, which prevent possible SQL injection attacks,\nCSRF, the bypass of user restrictions, information disclosure or\ndenial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/phpmyadmin\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6631\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"phpmyadmin\", reference:\"4:4.2.12-2+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:53", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by the following vulnerabilities :\n\n - An information disclosure vulnerability exists due to the use of an algorithm that is vulnerable to padding oracle attacks. An unauthenticated, remote attacker can exploit this to decrypt information without the key, resulting in the disclosure of usernames and passwords.\n (CVE-2016-6606)\n\n - A cross-site scripting (XSS) vulnerability exists in the replication_gui.lib.php script due to improper validation of user-supplied input to the 'username' and 'hostname' parameters. 
An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-6607)\n\n - A cross-site scripting (XSS) vulnerability exists in the database privilege check functionality and the remove partitioning functionality due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. Note that this vulnerability only affects 4.6.x versions. (CVE-2016-6608)\n\n - A remote command execution vulnerability exists in the ExportPhparray.class.php script due to improper validation of user-supplied input passed via database names. An authenticated, remote attacker can exploit this to execute arbitrary PHP commands. (CVE-2016-6609)\n\n - An information disclosure vulnerability exists in the plugin_interface.lib.php script due to improper handling of errors when creating non-existent classes. An authenticated, remote attacker can exploit this to disclose the installation path. (CVE-2016-6610)\n\n - A SQL injection vulnerability exists in the ExportSql.class.php script due to improper sanitization of user-supplied input to database and table names. An authenticated, remote attacker can exploit this to manipulate SQL queries in the back-end database, resulting in the manipulation and disclosure of arbitrary data. (CVE-2016-6611)\n\n - An information disclosure vulnerability exists in the LOAD LOCAL INFILE functionality that allows an authenticated, remote attacker to expose files on the server to the database system. (CVE-2016-6612)\n\n - An information disclosure vulnerability exists due to insecure creation of temporary files. A local attacker can exploit this, via a symlink attack, to disclose arbitrary files. 
(CVE-2016-6613)\n\n - A directory traversal vulnerability exists in the Util.class.php script due to improper sanitization of user-supplied input when handling the %u username replacement functionality of the SaveDir and UploadDir features. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose arbitrary files. (CVE-2016-6614)\n\n - Multiple cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied input.\n An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. Note that these vulnerabilities do not affect 4.0.x versions.\n (CVE-2016-6615)\n\n - A SQL injection vulnerability exists due to improper sanitization of user-supplied input when handling user group queries. An authenticated, remote attacker can exploit this to manipulate SQL queries in the back-end database, resulting in the manipulation and disclosure of arbitrary data. Note that this vulnerability does not affect 4.0.x versions. (CVE-2016-6616)\n\n - A SQL injection vulnerability exists in the display_export.lib.php script due to improper sanitization of user-supplied input when handling database and table names. An authenticated, remote attacker can exploit this to manipulate SQL queries in the back-end database, resulting in the manipulation and disclosure of arbitrary data. Note that this vulnerability only affects 4.6.x versions.\n (CVE-2016-6617)\n\n - A denial of service vulnerability exists in the transformation_wrapper.php script due to improper scaling of image dimensions. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-6618)\n\n - A SQL injection vulnerability exists in the user interface preference feature due to improper sanitization of user-supplied input. 
An authenticated, remote attacker can exploit this to manipulate SQL queries in the back-end database, resulting in the manipulation and disclosure of arbitrary data.\n (CVE-2016-6619)\n\n - A remote code execution vulnerability exists in the unserialize() function due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-6620)\n\n - A denial of service vulnerability exists when the AllowArbitraryServer option is enabled that allows an unauthenticated, remote attacker to cause a denial of service condition by forcing a persistent connection.\n (CVE-2016-6622)\n\n - A denial of service vulnerability exists due to improper handling of looped larger values. An authenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-6623)\n\n - A security bypass vulnerability exists in the ip_allow_deny.lib.php script that allows an unauthenticated, remote attacker to bypass IP-based authentication rules. (CVE-2016-6624)\n\n - An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to determine whether a user is logged in or not. (CVE-2016-6625)\n\n - A cross-site redirection vulnerability exists in the core.lib.php script due to a failure to validate user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect the user to an arbitrary website. (CVE-2016-6626)\n\n - An information disclosure vulnerability exists in the url.php script due to improper handling of HTTP headers.\n An unauthenticated, remote attacker can exploit this to disclose host location information. 
(CVE-2016-6627)\n\n - A flaw exists in the file_echo.php script that allows an unauthenticated, remote attacker to cause a different user to download a specially crafted SVG file.\n (CVE-2016-6628)\n\n - A flaw exists in the ArbitraryServerRegexp configuration directive that allows an unauthenticated, remote attacker to reuse certain cookie values and bypass intended server definition limits. (CVE-2016-6629)\n\n - A denial of service vulnerability exists in the user_password.php script due to improper handling of an overly long password. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-6630)\n\n - A remote code execution vulnerability exists in the generator_plugin.sh script due to improper handling of query strings. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-6631)\n\n - A denial of service vulnerability exists in the dbase extension in the ImportShp.class.php script due to a failure to delete temporary files during the import of ESRI files. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2016-6632)\n\n - A remote code execution vulnerability exists in the dbase extension due to improper handling of SHP imports.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-6633)\n\nNote that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.\n\nThis plugin has been deprecated. 
Use phpmyadmin_pmasa_4_6_4.nasl (plugin ID 143282) instead.", "cvss3": {}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.17 / 4.4.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities (PMASA-2016-29 - PMASA-2016-56) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633"], "modified": "2020-12-31T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2016_29.NASL", "href": "https://www.tenable.com/plugins/nessus/95027", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/12/22. 
Deprecated by phpmyadmin_pmasa_4_6_4.nasl (plugin ID 143282).\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95027);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/31\");\n\n script_cve_id(\n \"CVE-2016-6606\",\n \"CVE-2016-6607\",\n \"CVE-2016-6608\",\n \"CVE-2016-6609\",\n \"CVE-2016-6610\",\n \"CVE-2016-6611\",\n \"CVE-2016-6612\",\n \"CVE-2016-6613\",\n \"CVE-2016-6614\",\n \"CVE-2016-6615\",\n \"CVE-2016-6616\",\n \"CVE-2016-6617\",\n \"CVE-2016-6618\",\n \"CVE-2016-6619\",\n \"CVE-2016-6620\",\n \"CVE-2016-6622\",\n \"CVE-2016-6623\",\n \"CVE-2016-6624\",\n \"CVE-2016-6625\",\n \"CVE-2016-6626\",\n \"CVE-2016-6627\",\n \"CVE-2016-6628\",\n \"CVE-2016-6629\",\n \"CVE-2016-6630\",\n \"CVE-2016-6631\",\n \"CVE-2016-6632\",\n \"CVE-2016-6633\"\n );\n script_bugtraq_id(\n 92489,\n 92490,\n 92491,\n 92492,\n 92493,\n 92494,\n 92496,\n 92497,\n 92500,\n 92501,\n 93257,\n 93258\n );\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.17 / 4.4.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities (PMASA-2016-29 - PMASA-2016-56) (deprecated)\");\n script_summary(english:\"Checks the version of phpMyAdmin.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin\napplication hosted on the remote web server is 4.0.x prior to\n4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An information disclosure vulnerability exists due to\n the use of an algorithm that is vulnerable to padding\n oracle attacks. 
An unauthenticated, remote attacker can\n exploit this to decrypt information without the key,\n resulting in the disclosure of usernames and passwords.\n (CVE-2016-6606)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n replication_gui.lib.php script due to improper\n validation of user-supplied input to the 'username' and\n 'hostname' parameters. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session. (CVE-2016-6607)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n database privilege check functionality and the remove\n partitioning functionality due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session. Note that this vulnerability only affects 4.6.x\n versions. (CVE-2016-6608)\n\n - A remote command execution vulnerability exists in the\n ExportPhparray.class.php script due to improper\n validation of user-supplied input passed via database\n names. An authenticated, remote attacker can exploit\n this to execute arbitrary PHP commands. (CVE-2016-6609)\n\n - An information disclosure vulnerability exists in the\n plugin_interface.lib.php script due to improper handling\n of errors when creating non-existent classes. An\n authenticated, remote attacker can exploit this to\n disclose the installation path. (CVE-2016-6610)\n\n - A SQL injection vulnerability exists in the\n ExportSql.class.php script due to improper sanitization\n of user-supplied input to database and table names. An\n authenticated, remote attacker can exploit this to\n manipulate SQL queries in the back-end database,\n resulting in the manipulation and disclosure of\n arbitrary data. 
(CVE-2016-6611)\n\n - An information disclosure vulnerability exists in the\n LOAD LOCAL INFILE functionality that allows an\n authenticated, remote attacker to expose files on the\n server to the database system. (CVE-2016-6612)\n\n - An information disclosure vulnerability exists due to\n insecure creation of temporary files. A local attacker\n can exploit this, via a symlink attack, to disclose\n arbitrary files. (CVE-2016-6613)\n\n - A directory traversal vulnerability exists in the\n Util.class.php script due to improper sanitization of\n user-supplied input when handling the %u username\n replacement functionality of the SaveDir and UploadDir\n features. An unauthenticated, remote attacker can\n exploit this, via a specially crafted request, to\n disclose arbitrary files. (CVE-2016-6614)\n\n - Multiple cross-site scripting (XSS) vulnerabilities\n exist due to improper validation of user-supplied input.\n An unauthenticated, remote attacker can exploit these,\n via a specially crafted request, to execute arbitrary\n script code in a user's browser session. Note that these\n vulnerabilities do not affect 4.0.x versions.\n (CVE-2016-6615)\n\n - A SQL injection vulnerability exists due to improper\n sanitization of user-supplied input when handling user\n group queries. An authenticated, remote attacker can\n exploit this to manipulate SQL queries in the back-end\n database, resulting in the manipulation and disclosure\n of arbitrary data. Note that this vulnerability does not\n affect 4.0.x versions. (CVE-2016-6616)\n\n - A SQL injection vulnerability exists in the\n display_export.lib.php script due to improper\n sanitization of user-supplied input when handling\n database and table names. An authenticated, remote\n attacker can exploit this to manipulate SQL queries in\n the back-end database, resulting in the manipulation and\n disclosure of arbitrary data. 
Note that this\n vulnerability only affects 4.6.x versions.\n (CVE-2016-6617)\n\n - A denial of service vulnerability exists in the\n transformation_wrapper.php script due to improper\n scaling of image dimensions. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-6618)\n\n - A SQL injection vulnerability exists in the user\n interface preference feature due to improper\n sanitization of user-supplied input. An authenticated,\n remote attacker can exploit this to manipulate SQL\n queries in the back-end database, resulting in the\n manipulation and disclosure of arbitrary data.\n (CVE-2016-6619)\n\n - A remote code execution vulnerability exists in the\n unserialize() function due to improper validation of\n user-supplied data. An unauthenticated, remote attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-6620)\n\n - A denial of service vulnerability exists when the\n AllowArbitraryServer option is enabled that allows an\n unauthenticated, remote attacker to cause a denial of\n service condition by forcing a persistent connection.\n (CVE-2016-6622)\n\n - A denial of service vulnerability exists due to improper\n handling of looped larger values. An authenticated,\n remote attacker can exploit this to cause a denial of\n service condition. (CVE-2016-6623)\n\n - A security bypass vulnerability exists in the\n ip_allow_deny.lib.php script that allows an\n unauthenticated, remote attacker to bypass IP-based\n authentication rules. (CVE-2016-6624)\n\n - An information disclosure vulnerability exists that\n allows an unauthenticated, remote attacker to determine\n whether a user is logged in or not. (CVE-2016-6625)\n\n - A cross-site redirection vulnerability exists in the\n core.lib.php script due to a failure to validate\n user-supplied input. 
An unauthenticated, remote attacker\n can exploit this, by convincing a user to follow a\n specially crafted link, to redirect the user to an\n arbitrary website. (CVE-2016-6626)\n\n - An information disclosure vulnerability exists in the\n url.php script due to improper handling of HTTP headers.\n An unauthenticated, remote attacker can exploit this to\n disclose host location information. (CVE-2016-6627)\n\n - A flaw exists in the file_echo.php script that allows an\n unauthenticated, remote attacker to cause a different\n user to download a specially crafted SVG file.\n (CVE-2016-6628)\n\n - A flaw exists in the ArbitraryServerRegexp configuration\n directive that allows an unauthenticated, remote\n attacker to reuse certain cookie values and bypass\n intended server definition limits. (CVE-2016-6629)\n\n - A denial of service vulnerability exists in the\n user_password.php script due to improper handling of an\n overly long password. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-6630)\n\n - A remote code execution vulnerability exists in the\n generator_plugin.sh script due to improper handling of\n query strings. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-6631)\n\n - A denial of service vulnerability exists in the dbase\n extension in the ImportShp.class.php script due to a\n failure to delete temporary files during the import of\n ESRI files. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2016-6632)\n\n - A remote code execution vulnerability exists in the\n dbase extension due to improper handling of SHP imports.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2016-6633)\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\n\nThis plugin has been deprecated. 
Use phpmyadmin_pmasa_4_6_4.nasl (plugin ID 143282) instead.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-33/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-35/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-36/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-38/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-39/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-40/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-41/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-43/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-45/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-46/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.phpmyadmin.net/security/PMASA-2016-47/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-48/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-50/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-52/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-56/\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\nexit(0, 'This plugin has been deprecated. Use phpmyadmin_pmasa_4_6_4.nasl (plugin ID 143282) instead.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:28", "description": "According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities.\n\n - An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6606)\n\n - XSS issues were discovered in phpMyAdmin. 
This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations:\n Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper;\n XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6607)\n\n - XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the Remove partitioning functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected. (CVE-2016-6608)\n\n - An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6609)\n\n - A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6610)\n\n - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6611)\n\n - An issue was discovered in phpMyAdmin. 
A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6612)\n\n - An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6613)\n\n - An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6614)\n\n - XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the Tracking feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. (CVE-2016-6615)\n\n - An issue was discovered in phpMyAdmin. In the User group and Designer features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. (CVE-2016-6616)\n\n - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected. (CVE-2016-6617)\n\n - An issue was discovered in phpMyAdmin. 
The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6618)\n\n - An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6619)\n\n - An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6620)\n\n - An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6622)\n\n - An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6623)\n\n - An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules.\n When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. 
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6624)\n\n - An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6625)\n\n - An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6626)\n\n - An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6627)\n\n - An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6628)\n\n - An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive.\n An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6629)\n\n - An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. 
(CVE-2016-6630)\n\n - An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6631)\n\n - An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6632)\n\n - An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.\n (CVE-2016-6633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.0 < 4.0.10.17 / 4.4.0 < 4.4.15.8 / 4.6.0 < 4.6.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": 
"PHPMYADMIN_PMASA_4_6_4.NASL", "href": "https://www.tenable.com/plugins/nessus/143282", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143282);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-6606\",\n \"CVE-2016-6607\",\n \"CVE-2016-6608\",\n \"CVE-2016-6609\",\n \"CVE-2016-6610\",\n \"CVE-2016-6611\",\n \"CVE-2016-6612\",\n \"CVE-2016-6613\",\n \"CVE-2016-6614\",\n \"CVE-2016-6615\",\n \"CVE-2016-6616\",\n \"CVE-2016-6617\",\n \"CVE-2016-6618\",\n \"CVE-2016-6619\",\n \"CVE-2016-6620\",\n \"CVE-2016-6622\",\n \"CVE-2016-6623\",\n \"CVE-2016-6624\",\n \"CVE-2016-6625\",\n \"CVE-2016-6626\",\n \"CVE-2016-6627\",\n \"CVE-2016-6628\",\n \"CVE-2016-6629\",\n \"CVE-2016-6630\",\n \"CVE-2016-6631\",\n \"CVE-2016-6632\",\n \"CVE-2016-6633\"\n );\n script_bugtraq_id(\n 92489,\n 92490,\n 92491,\n 92492,\n 92493,\n 92494,\n 92496,\n 92497,\n 92500,\n 92501,\n 93257,\n 93258,\n 94112,\n 94113,\n 94114,\n 94115,\n 94117,\n 94118,\n 94366,\n 95041,\n 95042,\n 95044,\n 95047,\n 95048,\n 95049,\n 95052,\n 95055\n );\n\n script_name(english:\"phpMyAdmin 4.0.0 < 4.0.10.17 / 4.4.0 < 4.4.15.8 / 4.6.0 < 4.6.4 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to\n4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities.\n\n - An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is\n vulnerable to a padding oracle attack. 
This can allow an attacker who has access to a user's browser\n cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used\n to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as\n their username, an attacker who examines the browser cookie can see that they are the same - but the\n attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions\n (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are\n affected. (CVE-2016-6606)\n\n - XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can\n be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly\n escaped and can be used to trigger an XSS attack); Relation view; the following Transformations:\n Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper;\n XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin\n directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4),\n 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6607)\n\n - XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the Remove\n partitioning functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x\n versions (prior to 4.6.4) are affected. (CVE-2016-6608)\n\n - An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary\n PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior\n to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. 
(CVE-2016-6609)\n\n - A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular\n error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions\n (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are\n affected. (CVE-2016-6610)\n\n - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to\n trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4),\n 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6611)\n\n - An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose\n files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to\n 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6612)\n\n - An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which\n phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All\n 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to\n 4.0.10.17) are affected. (CVE-2016-6613)\n\n - An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir\n and UploadDir features. When the username substitution is configured, a specially-crafted user name can be\n used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x\n versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6614)\n\n - XSS issues were discovered in phpMyAdmin. 
This affects navigation pane and database/table hiding feature\n (a specially-crafted database name can be used to trigger an XSS attack); the Tracking feature (a\n specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x\n versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. (CVE-2016-6615)\n\n - An issue was discovered in phpMyAdmin. In the User group and Designer features, a user can execute an\n SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and\n 4.4.x versions (prior to 4.4.15.8) are affected. (CVE-2016-6616)\n\n - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to\n trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are\n affected. (CVE-2016-6617)\n\n - An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-\n service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to\n 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6618)\n\n - An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL\n injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x\n versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6619)\n\n - An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without\n verification that it's valid serialized data. The unserialization can result in code execution because of\n the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x\n versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6620)\n\n - An issue was discovered in phpMyAdmin. 
An unauthenticated user is able to execute a denial-of-service\n (DoS) attack by forcing persistent connections when phpMyAdmin is running with\n $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to\n 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6622)\n\n - An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a\n server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to\n 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6623)\n\n - An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules.\n When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed\n range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to\n connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and\n 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6624)\n\n - An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to\n phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All\n 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to\n 4.0.10.17) are affected. (CVE-2016-6625)\n\n - An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All\n 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to\n 4.0.10.17) are affected. (CVE-2016-6626)\n\n - An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the\n file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions\n (prior to 4.0.10.17) are affected. 
(CVE-2016-6627)\n\n - An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially\n crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and\n 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6628)\n\n - An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive.\n An attacker could reuse certain cookie values in a way of bypassing the servers defined by\n ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x\n versions (prior to 4.0.10.17) are affected. (CVE-2016-6629)\n\n - An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack\n by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x\n versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6630)\n\n - An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server\n when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a\n query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x\n versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are\n affected. (CVE-2016-6631)\n\n - An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary\n files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to\n 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6632)\n\n - An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack\n against certain PHP installations that are running with the dbase extension. 
All 4.6.x versions (prior to\n 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.\n (CVE-2016-6633)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-33/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-34/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-35/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-36/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-37/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-38/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-39/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-40/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-41/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-42/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-43/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.phpmyadmin.net/security/PMASA-2016-45/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-46/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-47/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-48/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-49/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-50/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-51/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-52/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-53/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-54/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-55/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.phpmyadmin.net/security/PMASA-2016-56/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin version 4.0.10.17 / 4.4.15.8 / 4.6.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6629\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(661);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('http.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_http_port(default:80, php:TRUE);\n\napp_info = vcf::get_app_info(app:'phpMyAdmin', port:port, webapp:TRUE);\n\nconstraints = [\n { 'min_version' : '4.0.0', 'fixed_version' : '4.0.10.17' },\n { 'min_version' : '4.4.0', 'fixed_version' : '4.4.15.8' },\n { 'min_version' : '4.6.0', 'fixed_version' : '4.6.4' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{xss:TRUE, sqli:TRUE});\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:00", "description": "The phpmyadmin development team reports :\n\nWeakness with cookie encryption\n\nMultiple XSS vulnerabilities\n\nMultiple XSS vulnerabilities\n\nPHP code injection\n\nFull path disclosure\n\nSQL injection attack\n\nLocal file exposure\n\nLocal file exposure through symlinks with UploadDir\n\nPath traversal with SaveDir and UploadDir\n\nMultiple XSS vulnerabilities\n\nSQL injection attack\n\nSQL injection attack\n\nDenial of service 
(DOS) attack in transformation feature\n\nSQL injection attack as control user\n\nUnvalidated data passed to unserialize()\n\nDOS attack with forced persistent connections\n\nDenial of service (DOS) attack by for loops\n\nIPv6 and proxy server IP-based authentication rule circumvention\n\nDetect if user is logged in\n\nBypass URL redirect protection\n\nReferrer leak in url.php\n\nReflected File Download attack\n\nArbitraryServerRegexp bypass\n\nDenial of service (DOS) attack by changing password to a very long string\n\nRemote code execution vulnerability when run as CGI\n\nDenial of service (DOS) attack with dbase extension\n\nRemote code execution vulnerability when PHP is running with dbase extension", "cvss3": {}, "published": "2016-08-18T00:00:00", "type": "nessus", "title": "FreeBSD : phpmyadmin -- multiple vulnerabilities (ef70b201-645d-11e6-9cdc-6805ca0b3d42)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpmyadmin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_EF70B201645D11E69CDC6805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/93024", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) 
with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93024);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6608\", \"CVE-2016-6609\", \"CVE-2016-6610\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6614\", \"CVE-2016-6615\", \"CVE-2016-6616\", \"CVE-2016-6617\", \"CVE-2016-6618\", \"CVE-2016-6619\", \"CVE-2016-6620\", \"CVE-2016-6622\", \"CVE-2016-6623\", \"CVE-2016-6624\", 
\"CVE-2016-6625\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6629\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-6633\");\n\n script_name(english:\"FreeBSD : phpmyadmin -- multiple vulnerabilities (ef70b201-645d-11e6-9cdc-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpmyadmin development team reports :\n\nWeakness with cookie encryption\n\nMultiple XSS vulnerabilities\n\nMultiple XSS vulnerabilities\n\nPHP code injection\n\nFull path disclosure\n\nSQL injection attack\n\nLocal file exposure\n\nLocal file exposure through symlinks with UploadDir\n\nPath traversal with SaveDir and UploadDir\n\nMultiple XSS vulnerabilities\n\nSQL injection attack\n\nSQL injection attack\n\nDenial of service (DOS) attack in transformation feature\n\nSQL injection attack as control user\n\nUnvalidated data passed to unserialize()\n\nDOS attack with forced persistent connections\n\nDenial of service (DOS) attack by for loops\n\nIPv6 and proxy server IP-based authentication rule circumvention\n\nDetect if user is logged in\n\nBypass URL redirect protection\n\nReferrer leak in url.php\n\nReflected File Download attack\n\nArbitraryServerRegexp bypass\n\nDenial of service (DOS) attack by changing password to a very long\nstring\n\nRemote code execution vulnerability when run as CGI Summary Denial of\nservice (DOS) attack with dbase extension\n\nRemote code execution vulnerability when PHP is running with dbase\nextension\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-29/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-30/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-31/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-32/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-33/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-34/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-35/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-36/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-37/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-38/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-39/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-40/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-41/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-42/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-43/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-45/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-46/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-47/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-48/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-49/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-50/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-51/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-52/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-53/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-54/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-55/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2016-56/\"\n );\n # https://vuxml.freebsd.org/freebsd/ef70b201-645d-11e6-9cdc-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9693f9c8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpmyadmin>=4.6.0<4.6.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:25:51", "description": "phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the following issues :\n\n - Upstream changelog for 4.4.15.8 :\n\n - Improve session cookie code for openid.php and signon.php example files\n\n - Full path disclosure in openid.php and signon.php example files\n\n - Unsafe generation of BlowfishSecret (when not supplied by the user)\n\n - Referrer leak when phpinfo is enabled\n\n - Use HTTPS for wiki links\n\n - Improve SSL certificate handling\n\n - Fix full path disclosure in debugging code\n\n - Administrators could trigger SQL injection attack against users\n\n - other fixes\n\n - Remove Swekey support\n\n - Security fixes: https://www.phpmyadmin.net/security/\n\n - Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)\n\n - PHP code injection see 
PMASA-2016-32 (CVE-2016-6609, CWE-661)\n\n - Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661)\n\n - SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661)\n\n - Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661)\n\n - Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661)\n\n - Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661)\n\n - SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661)\n\n - SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661)\n\n - Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661)\n\n - SQL injection vulnerability as control user see PMASA-2016-42 (CVE-2016-6619, CWE-661)\n\n - Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661)\n\n - SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661)\n\n - Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)\n\n - Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661)\n\n - Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661)\n\n - Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661)\n\n - Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661)\n\n - Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)\n\n - Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661)\n\n - ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661)\n\n - Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661)\n\n - Remote code execution vulnerability when running as CGI see PMASA-2016-54 
(CVE-2016-6631, CWE-661)\n\n - Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661)\n\n - Remote code execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2016-1021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6621", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:phpmyadmin", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1021.NASL", "href": "https://www.tenable.com/plugins/nessus/93212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1021.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93212);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6608\", \"CVE-2016-6609\", \"CVE-2016-6610\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6614\", \"CVE-2016-6615\", \"CVE-2016-6616\", \"CVE-2016-6617\", \"CVE-2016-6618\", \"CVE-2016-6619\", \"CVE-2016-6620\", \"CVE-2016-6621\", \"CVE-2016-6622\", \"CVE-2016-6623\", 
\"CVE-2016-6624\", \"CVE-2016-6625\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6629\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-6633\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2016-1021)\");\n script_summary(english:\"Check for the openSUSE-2016-1021 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the\nfollowing issues :\n\n - Upstream changelog for 4.4.15.8 :\n\n - Improve session cookie code for openid.php and\n signon.php example files\n\n - Full path disclosure in openid.php and signon.php\n example files\n\n - Unsafe generation of BlowfishSecret (when not supplied\n by the user)\n\n - Referrer leak when phpinfo is enabled\n\n - Use HTTPS for wiki links\n\n - Improve SSL certificate handling\n\n - Fix full path disclosure in debugging code\n\n - Administrators could trigger SQL injection attack\n against users\n\n - other fixes\n\n - Remove Swekey support\n\n - Security fixes: https://www.phpmyadmin.net/security/\n\n - Weaknesses with cookie encryption see PMASA-2016-29\n (CVE-2016-6606, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-30\n (CVE-2016-6607, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-31\n (CVE-2016-6608, CWE-661)\n\n - PHP code injection see PMASA-2016-32 (CVE-2016-6609,\n CWE-661)\n\n - Full path disclosure see PMASA-2016-33 (CVE-2016-6610,\n CWE-661)\n\n - SQL injection attack see PMASA-2016-34 (CVE-2016-6611,\n CWE-661)\n\n - Local file exposure through LOAD DATA LOCAL INFILE see\n PMASA-2016-35 (CVE-2016-6612, CWE-661)\n\n - Local file exposure through symlinks with UploadDir see\n PMASA-2016-36 (CVE-2016-6613, CWE-661)\n\n - Path traversal with SaveDir and UploadDir see\n PMASA-2016-37 (CVE-2016-6614, CWE-661)\n\n - 
Multiple XSS vulnerabilities see PMASA-2016-38\n (CVE-2016-6615, CWE-661)\n\n - SQL injection vulnerability as control user see\n PMASA-2016-39 (CVE-2016-6616, CWE-661)\n\n - SQL injection vulnerability see PMASA-2016-40\n (CVE-2016-6617, CWE-661)\n\n - Denial-of-service attack through transformation feature\n see PMASA-2016-41 (CVE-2016-6618, CWE-661)\n\n - SQL injection vulnerability as control user see\n PMASA-2016-42 (CVE-2016-6619, CWE-661)\n\n - Verify data before unserializing see PMASA-2016-43\n (CVE-2016-6620, CWE-661)\n\n - SSRF in setup script see PMASA-2016-44 (CVE-2016-6621,\n CWE-661)\n\n - Denial-of-service attack with\n $cfg['AllowArbitraryServer'] = true and persistent\n connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)\n\n - Denial-of-service attack by using for loops see\n PMASA-2016-46 (CVE-2016-6623, CWE-661)\n\n - Possible circumvention of IP-based allow/deny rules with\n IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624,\n CWE-661)\n\n - Detect if user is logged in see PMASA-2016-48\n (CVE-2016-6625, CWE-661)\n\n - Bypass URL redirection protection see PMASA-2016-49\n (CVE-2016-6626, CWE-661)\n\n - Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)\n\n - Reflected File Download see PMASA-2016-51\n (CVE-2016-6628, CWE-661)\n\n - ArbitraryServerRegexp bypass see PMASA-2016-52\n (CVE-2016-6629, CWE-661)\n\n - Denial-of-service attack by entering long password see\n PMASA-2016-53 (CVE-2016-6630, CWE-661)\n\n - Remote code execution vulnerability when running as CGI\n see PMASA-2016-54 (CVE-2016-6631, CWE-661)\n\n - Denial-of-service attack when PHP uses dbase extension\n see PMASA-2016-55 (CVE-2016-6632, CWE-661)\n\n - Remove tode execution vulnerability when PHP uses dbase\n extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.phpmyadmin.net/security/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"phpMyAdmin-4.4.15.8-39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"phpMyAdmin-4.4.15.8-25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:25:26", "description": "This phpMyAdmin update to version 4.4.15.8 fixes the following issues :\n\nSecurity issues fixed :\n\n - Improve session cookie code for openid.php and signon.php example files\n\n - Full path disclosure in openid.php and signon.php example files\n\n - Unsafe generation of BlowfishSecret (when not supplied by the user)\n\n - Referrer leak when phpinfo is enabled\n\n - Use HTTPS for wiki links\n\n - Improve SSL certificate handling\n\n - Fix full path disclosure in debugging code\n\n - Administrators could trigger SQL injection attack against users\n\n - Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)\n\n - PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661)\n\n - Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661)\n\n - SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661)\n\n - Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35 (CVE-2016-6612, CWE-661)\n\n - Local file exposure through symlinks with UploadDir see PMASA-2016-36 (CVE-2016-6613, CWE-661)\n\n - Path traversal with SaveDir and UploadDir see PMASA-2016-37 (CVE-2016-6614, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661)\n\n - SQL injection vulnerability as control user see PMASA-2016-39 (CVE-2016-6616, CWE-661)\n\n - SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661)\n\n - Denial-of-service attack through transformation feature see PMASA-2016-41 (CVE-2016-6618, CWE-661)\n\n - SQL injection vulnerability as control user see 
PMASA-2016-42 (CVE-2016-6619, CWE-661)\n\n - Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620, CWE-661)\n\n - SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661)\n\n - Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)\n\n - Denial-of-service attack by using for loops see PMASA-2016-46 (CVE-2016-6623, CWE-661)\n\n - Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661)\n\n - Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661)\n\n - Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626, CWE-661)\n\n - Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)\n\n - Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661)\n\n - ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661)\n\n - Denial-of-service attack by entering long password see PMASA-2016-53 (CVE-2016-6630, CWE-661)\n\n - Remote code execution vulnerability when running as CGI see PMASA-2016-54 (CVE-2016-6631, CWE-661)\n\n - Denial-of-service attack when PHP uses dbase extension see PMASA-2016-55 (CVE-2016-6632, CWE-661)\n\n - Remote code execution vulnerability when PHP uses dbase extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-2016-1027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6621", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", 
"CVE-2016-6632", "CVE-2016-6633"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:phpmyadmin", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1027.NASL", "href": "https://www.tenable.com/plugins/nessus/93214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1027.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93214);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6608\", \"CVE-2016-6609\", \"CVE-2016-6610\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6614\", \"CVE-2016-6615\", \"CVE-2016-6616\", \"CVE-2016-6617\", \"CVE-2016-6618\", \"CVE-2016-6619\", \"CVE-2016-6620\", \"CVE-2016-6621\", \"CVE-2016-6622\", \"CVE-2016-6623\", \"CVE-2016-6624\", \"CVE-2016-6625\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6629\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-6633\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-2016-1027)\");\n script_summary(english:\"Check for the openSUSE-2016-1027 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This phpMyAdmin update to version 4.4.15.8 fixes the following \nissues :\n\nSecurity issues fixed :\n\n - Improve session cookie code for openid.php and\n signon.php example files\n\n - Full path disclosure in openid.php and signon.php\n example files\n\n - Unsafe generation of BlowfishSecret (when not supplied\n by the user)\n\n - Referrer leak when phpinfo is 
enabled\n\n - Use HTTPS for wiki links\n\n - Improve SSL certificate handling\n\n - Fix full path disclosure in debugging code\n\n - Administrators could trigger SQL injection attack\n against users\n\n - Weaknesses with cookie encryption see PMASA-2016-29\n (CVE-2016-6606, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-30\n (CVE-2016-6607, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-31\n (CVE-2016-6608, CWE-661)\n\n - PHP code injection see PMASA-2016-32 (CVE-2016-6609,\n CWE-661)\n\n - Full path disclosure see PMASA-2016-33 (CVE-2016-6610,\n CWE-661)\n\n - SQL injection attack see PMASA-2016-34 (CVE-2016-6611,\n CWE-661)\n\n - Local file exposure through LOAD DATA LOCAL INFILE see\n PMASA-2016-35 (CVE-2016-6612, CWE-661)\n\n - Local file exposure through symlinks with UploadDir see\n PMASA-2016-36 (CVE-2016-6613, CWE-661)\n\n - Path traversal with SaveDir and UploadDir see\n PMASA-2016-37 (CVE-2016-6614, CWE-661)\n\n - Multiple XSS vulnerabilities see PMASA-2016-38\n (CVE-2016-6615, CWE-661)\n\n - SQL injection vulnerability as control user see\n PMASA-2016-39 (CVE-2016-6616, CWE-661)\n\n - SQL injection vulnerability see PMASA-2016-40\n (CVE-2016-6617, CWE-661)\n\n - Denial-of-service attack through transformation feature\n see PMASA-2016-41 (CVE-2016-6618, CWE-661)\n\n - SQL injection vulnerability as control user see\n PMASA-2016-42 (CVE-2016-6619, CWE-661)\n\n - Verify data before unserializing see PMASA-2016-43\n (CVE-2016-6620, CWE-661)\n\n - SSRF in setup script see PMASA-2016-44 (CVE-2016-6621,\n CWE-661)\n\n - Denial-of-service attack with\n $cfg['AllowArbitraryServer'] = true and persistent\n connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)\n\n - Denial-of-service attack by using for loops see\n PMASA-2016-46 (CVE-2016-6623, CWE-661)\n\n - Possible circumvention of IP-based allow/deny rules with\n IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624,\n CWE-661)\n\n - Detect if user is logged in see PMASA-2016-48\n 
(CVE-2016-6625, CWE-661)\n\n - Bypass URL redirection protection see PMASA-2016-49\n (CVE-2016-6626, CWE-661)\n\n - Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)\n\n - Reflected File Download see PMASA-2016-51\n (CVE-2016-6628, CWE-661)\n\n - ArbitraryServerRegexp bypass see PMASA-2016-52\n (CVE-2016-6629, CWE-661)\n\n - Denial-of-service attack by entering long password see\n PMASA-2016-53 (CVE-2016-6630, CWE-661)\n\n - Remote code execution vulnerability when running as CGI\n see PMASA-2016-54 (CVE-2016-6631, CWE-661)\n\n - Denial-of-service attack when PHP uses dbase extension\n see PMASA-2016-55 (CVE-2016-6632, CWE-661)\n\n - Remove tode execution vulnerability when PHP uses dbase\n extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994313\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"phpMyAdmin-4.4.15.8-63.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:25:43", "description": "The remote host is affected by the vulnerability described in GLSA-201701-32 (phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n An authenticated remote attacker could exploit these vulnerabilities to execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site Scripting attacks.\n In certain configurations, an unauthenticated remote attacker could cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-01-12T00:00:00", "type": "nessus", "title": "GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4412", "CVE-2016-5097", "CVE-2016-5098", "CVE-2016-5099", "CVE-2016-5701", "CVE-2016-5702", "CVE-2016-5703", "CVE-2016-5704", "CVE-2016-5705", "CVE-2016-5706", "CVE-2016-5730", "CVE-2016-5731", "CVE-2016-5732", "CVE-2016-5733", "CVE-2016-5734", "CVE-2016-5739", "CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633", "CVE-2016-9847", "CVE-2016-9848", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855", "CVE-2016-9856", "CVE-2016-9857", "CVE-2016-9858", "CVE-2016-9859", "CVE-2016-9860", "CVE-2016-9861", "CVE-2016-9862", "CVE-2016-9863", "CVE-2016-9864", "CVE-2016-9865", "CVE-2016-9866"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:phpmyadmin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-32.NASL", "href": "https://www.tenable.com/plugins/nessus/96426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-32.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96426);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4412\", \"CVE-2016-5097\", \"CVE-2016-5098\", \"CVE-2016-5099\", \"CVE-2016-5701\", \"CVE-2016-5702\", \"CVE-2016-5703\", \"CVE-2016-5704\", \"CVE-2016-5705\", \"CVE-2016-5706\", \"CVE-2016-5730\", \"CVE-2016-5731\", \"CVE-2016-5732\", \"CVE-2016-5733\", \"CVE-2016-5734\", \"CVE-2016-5739\", \"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6608\", \"CVE-2016-6609\", \"CVE-2016-6610\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6614\", \"CVE-2016-6615\", \"CVE-2016-6616\", \"CVE-2016-6617\", \"CVE-2016-6618\", \"CVE-2016-6619\", \"CVE-2016-6620\", \"CVE-2016-6622\", \"CVE-2016-6623\", \"CVE-2016-6624\", \"CVE-2016-6625\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6629\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-6633\", \"CVE-2016-9847\", \"CVE-2016-9848\", \"CVE-2016-9849\", \"CVE-2016-9850\", \"CVE-2016-9851\", \"CVE-2016-9852\", \"CVE-2016-9853\", \"CVE-2016-9854\", \"CVE-2016-9855\", \"CVE-2016-9856\", \"CVE-2016-9857\", \"CVE-2016-9858\", \"CVE-2016-9859\", \"CVE-2016-9860\", \"CVE-2016-9861\", \"CVE-2016-9862\", \"CVE-2016-9863\", \"CVE-2016-9864\", \"CVE-2016-9865\", \"CVE-2016-9866\");\n script_xref(name:\"GLSA\", value:\"201701-32\");\n\n script_name(english:\"GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-32\n(phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A authenticated remote attacker could exploit these vulnerabilities to\n execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site\n Scripting attacks.\n In certain configurations, an unauthenticated remote attacker could\n cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.6.5.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpMyAdmin Authenticated Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 4.6.5.1\"), vulnerable:make_list(\"lt 4.6.5.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-29T19:29:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-18T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for phpmyadmin (DLA-1821-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6612", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2019-12616", "CVE-2016-9850", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-9864", "CVE-2016-6626", "CVE-2016-9861", 
"CVE-2016-6627", "CVE-2016-9849", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891821", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891821\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\", \"CVE-2016-6624\", \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-9849\", \"CVE-2016-9850\", \"CVE-2016-9861\", \"CVE-2016-9864\", \"CVE-2019-12616\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-18 02:00:39 +0000 (Tue, 18 Jun 2019)\");\n script_name(\"Debian LTS: Security Advisory 
for phpmyadmin (DLA-1821-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1821-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/930017\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpmyadmin'\n package(s) announced via the DLA-1821-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL web\nadministration tool, which prevent possible SQL injection attacks, CSRF,\nthe bypass of user restrictions, information disclosure or\ndenial-of-service.\");\n\n script_tag(name:\"affected\", value:\"'phpmyadmin' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4:4.2.12-2+deb8u6.\n\nWe recommend that you upgrade your phpmyadmin packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"phpmyadmin\", ver:\"4:4.2.12-2+deb8u6\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:39", 
"description": "phpMyAdmin is prone to multiple security vulnerabilities.", "cvss3": {}, "published": "2017-04-10T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Security Vulnerabilities - 02 - Dec16 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6625", "CVE-2016-6614", "CVE-2016-6612", "CVE-2016-6633", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2016-6609", "CVE-2016-6622", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-6626", "CVE-2016-6610", "CVE-2016-6619", "CVE-2016-6629", "CVE-2016-6627", "CVE-2016-6620", "CVE-2016-6623", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631", "CVE-2016-6618"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln03_dec16_lin.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Security Vulnerabilities - 02 - Dec16 (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108129\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-10 12:18:02 +0200 (Mon, 10 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2016-6633\", \"CVE-2016-6632\", \"CVE-2016-6631\", \"CVE-2016-6630\", \"CVE-2016-6629\",\n \"CVE-2016-6628\", \"CVE-2016-6627\", \"CVE-2016-6626\", \"CVE-2016-6625\", \"CVE-2016-6624\",\n \"CVE-2016-6623\", \"CVE-2016-6622\", \"CVE-2016-6620\", \"CVE-2016-6619\", \"CVE-2016-6618\",\n \"CVE-2016-6614\", \"CVE-2016-6613\", \"CVE-2016-6612\", \"CVE-2016-6611\", \"CVE-2016-6610\",\n \"CVE-2016-6609\", \"CVE-2016-6607\", \"CVE-2016-6606\");\n script_name(\"phpMyAdmin Multiple Security Vulnerabilities - 02 - Dec16 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", 
value:\"phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.6.4, 4.4.15.8 or 4.0.10.17.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.17\" ) ) {\n vuln = TRUE;\n fix = \"4.0.10.17\";\n }\n}\n\nif( vers =~ \"^4\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.4.15.8\" ) ) {\n vuln = TRUE;\n fix = \"4.4.15.8\";\n }\n}\n\nif( vers =~ \"^4\\.6\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.6.4\" ) ) {\n vuln = TRUE;\n fix = \"4.6.4\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "description": "phpMyAdmin is prone to multiple security vulnerabilities.", "cvss3": {}, "published": "2017-04-10T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Security Vulnerabilities - 02 - Dec16 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6625", "CVE-2016-6614", "CVE-2016-6612", "CVE-2016-6633", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2016-6609", "CVE-2016-6622", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-6626", "CVE-2016-6610", "CVE-2016-6619", "CVE-2016-6629", "CVE-2016-6627", "CVE-2016-6620", "CVE-2016-6623", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631", "CVE-2016-6618"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108128", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310108128", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_vuln03_dec16_win.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Security Vulnerabilities - 02 - Dec16 (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108128\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-10 12:18:02 +0200 (Mon, 10 Apr 2017)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2016-6633\", \"CVE-2016-6632\", \"CVE-2016-6631\", \"CVE-2016-6630\", \"CVE-2016-6629\",\n \"CVE-2016-6628\", \"CVE-2016-6627\", \"CVE-2016-6626\", \"CVE-2016-6625\", \"CVE-2016-6624\",\n \"CVE-2016-6623\", 
\"CVE-2016-6622\", \"CVE-2016-6620\", \"CVE-2016-6619\", \"CVE-2016-6618\",\n \"CVE-2016-6614\", \"CVE-2016-6613\", \"CVE-2016-6612\", \"CVE-2016-6611\", \"CVE-2016-6610\",\n \"CVE-2016-6609\", \"CVE-2016-6607\", \"CVE-2016-6606\");\n script_name(\"phpMyAdmin Multiple Security Vulnerabilities - 02 - Dec16 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple security vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.6.4, 4.4.15.8 or 4.0.10.17.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! 
vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.17\" ) ) {\n vuln = TRUE;\n fix = \"4.0.10.17\";\n }\n}\n\nif( vers =~ \"^4\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.4.15.8\" ) ) {\n vuln = TRUE;\n fix = \"4.4.15.8\";\n }\n}\n\nif( vers =~ \"^4\\.6\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.6.4\" ) ) {\n vuln = TRUE;\n fix = \"4.6.4\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2016:2168-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6625", "CVE-2016-6615", "CVE-2016-6614", "CVE-2016-6612", "CVE-2016-6617", "CVE-2016-6633", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2016-6621", "CVE-2016-6616", "CVE-2016-6609", "CVE-2016-6608", "CVE-2016-6622", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-6626", "CVE-2016-6610", "CVE-2016-6619", "CVE-2016-6629", "CVE-2016-6627", "CVE-2016-6620", "CVE-2016-6623", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631", "CVE-2016-6618"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851387", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU 
General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851387\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:44:06 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-6606\", \"CVE-2016-6607\", \"CVE-2016-6608\", \"CVE-2016-6609\",\n \"CVE-2016-6610\", \"CVE-2016-6611\", \"CVE-2016-6612\", \"CVE-2016-6613\",\n \"CVE-2016-6614\", \"CVE-2016-6615\", \"CVE-2016-6616\", \"CVE-2016-6617\",\n \"CVE-2016-6618\", \"CVE-2016-6619\", \"CVE-2016-6620\", \"CVE-2016-6621\",\n \"CVE-2016-6622\", \"CVE-2016-6623\", \"CVE-2016-6624\", \"CVE-2016-6625\",\n \"CVE-2016-6626\", \"CVE-2016-6627\", \"CVE-2016-6628\", \"CVE-2016-6629\",\n \"CVE-2016-6630\", \"CVE-2016-6631\", \"CVE-2016-6632\", \"CVE-2016-6633\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2016:2168-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on 
the target host.\");\n\n script_tag(name:\"insight\", value:\"phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the\n following issues:\n\n - Upstream changelog for 4.4.15.8:\n\n * Improve session cookie code for openid.php and signon.php example files\n\n * Full path disclosure in openid.php and signon.php example files\n\n * Unsafe generation of BlowfishSecret (when not supplied by the user)\n\n * Referrer leak when phpinfo is enabled\n\n * Use HTTPS for wiki links\n\n * Improve SSL certificate handling\n\n * Fix full path disclosure in debugging code\n\n * Administrators could trigger SQL injection attack against users\n\n - other fixes\n\n * Remove Swekey support\n\n * Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606,\n CWE-661)\n\n * Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)\n\n * Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)\n\n * PHP code injection see PMASA-2016-32 (CVE-2016-6609, CWE-661)\n\n * Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661)\n\n * SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661)\n\n * Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35\n (CVE-2016-6612, CWE-661)\n\n * Local file exposure through symlinks with UploadDir see PMASA-2016-36\n (CVE-2016-6613, CWE-661)\n\n * Path traversal with SaveDir and UploadDir see PMASA-2016-37\n (CVE-2016-6614, CWE-661)\n\n * Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661)\n\n * SQL injection vulnerability as control user see PMASA-2016-39\n (CVE-2016-6616, CWE-661)\n\n * SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661)\n\n * Denial-of-service attack through transformation feature see\n PMASA-2016-41 (CVE-2016-6618, CWE-661)\n\n * SQL injection vulnerability as control user see PMASA-2016-42\n (CVE-2016-6619, CWE-661)\n\n * Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620,\n CWE-661)\n\n * SSRF in setup script 
see PMASA-2016-44 (CVE-2016-6621, CWE-661)\n\n * Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and\n persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)\n\n * Denial-of-service attack by using for loops see PMASA-2016-46\n (CVE-2016-6623, CWE-661)\n\n * Possible circumvention of IP-based allow/deny rules with IPv6 and\n proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661)\n\n * Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661)\n\n * Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626,\n CWE-661)\n\n * Referrer leak see PMASA-2016-50 (CVE-201 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin on openSUSE Leap 42.1, openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2168-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.4.15.8~39.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2023-12-02T20:47:30", "description": "In phpMyAdmin before 4.4.15.8, the decryption of the username/password is 
vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same (CVE-2016-6606). In phpMyAdmin before 4.4.15.8, multiple vulnerabilities have been discovered in the following areas of phpMyAdmin: Zoom search, GIS editor, Relation view, several Transformations, XML export, MediaWiki export, Designer, when the MySQL server is running with a specially-crafted log_bin directive, Database tab, Replication feature, and Database search (CVE-2016-6607). In phpMyAdmin before 4.4.15.8, a vulnerability was found where a specially crafted database name could be used to run arbitrary PHP commands through the array export feature (CVE-2016-6609). In phpMyAdmin before 4.4.15.8, a full path disclosure vulnerability was discovered where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk (CVE-2016-6610). In phpMyAdmin before 4.4.15.8, a vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality (CVE-2016-6611). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system (CVE-2016-6612). In phpMyAdmin before 4.4.15.8, a vulnerability was found where a user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user (CVE-2016-6613). In phpMyAdmin before 4.4.15.8, a vulnerability was reported with the %u username replacement functionality of the SaveDir and UploadDir features. 
When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system (CVE-2016-6614). In phpMyAdmin before 4.4.15.8, multiple XSS vulnerabilities were found in the following areas: Navigation pane and database/table hiding feature, the \"Tracking\" feature, and GIS visualization feature (CVE-2016-6615). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the following features where a user can execute an SQL injection attack against the account of the control user: User group Designer (CVE-2016-6616). In phpMyAdmin before 4.4.15.8, a vulnerability was found in the transformation feature allowing a user to trigger a denial-of-service (DOS) attack against the server (CVE-2016-6618). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered in the user interface preference feature where a user can execute an SQL injection attack against the account of the control user (CVE-2016-6619). In phpMyAdmin before 4.4.15.8, a vulnerability was reported where some data is passed to the PHP unserialize() function without verification that it's valid serialized data. A malicious user may be able to manipulate the stored data in a way to result in code being loaded and executed (CVE-2016-6620). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an unauthenticated user is able to execute a denial-of-service (DOS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true; (CVE-2016-6622). In phpMyAdmin before 4.4.15.8, a vulnerability has been reported where a malicious authorized user can cause a denial-of-service (DOS) attack on a server by passing large values to a loop (CVE-2016-6623). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where, under certain circumstances, it may be possible to circumvent the phpMyAdmin IP-based authentication rules. 
When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules (CVE-2016-6624). In phpMyAdmin before 4.4.15.8, a vulnerability was reported where an attacker can determine whether a user is logged in to phpMyAdmin (CVE-2016-6625). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an attacker could redirect a user to a malicious web page (CVE-2016-6626). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an attacker can determine the phpMyAdmin host location through the file url.php (CVE-2016-6627). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where an attacker may be able to trigger a user to download a specially crafted malicious SVG file (CVE-2016-6628). In phpMyAdmin before 4.4.15.8, a vulnerability was reported with the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp (CVE-2016-6629). In phpMyAdmin before 4.4.15.8, an authenticated user can trigger a denial-of-service (DOS) attack by entering a very long password at the change password dialog (CVE-2016-6630). In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where a user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh (CVE-2016-6631). In phpMyAdmin before 4.4.15.8, a flaw was discovered where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files (CVE-2016-6632). 
In phpMyAdmin before 4.4.15.8, a vulnerability was discovered where phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations (CVE-2016-6633). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-31T18:32:33", "type": "mageia", "title": "Updated phpmyadmin packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633"], "modified": "2016-08-31T18:32:33", "id": "MGASA-2016-0291", "href": "https://advisories.mageia.org/MGASA-2016-0291.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-12-02T16:48:24", "description": "\n\nThe phpmyadmin development team reports:\n\nWeakness with 
cookie encryption\n\n\nMultiple XSS vulnerabilities\n\n\nMultiple XSS vulnerabilities\n\n\nPHP code injection\n\n\nFull path disclosure\n\n\nSQL injection attack\n\n\nLocal file exposure\n\n\nLocal file exposure through symlinks with\n\t UploadDir\n\n\nPath traversal with SaveDir and UploadDir\n\n\nMultiple XSS vulnerabilities\n\n\nSQL injection attack\n\n\nSQL injection attack\n\n\nDenial of service (DOS) attack in transformation\n\t feature\n\n\nSQL injection attack as control user\n\n\nUnvalidated data passed to unserialize()\n\n\nDOS attack with forced persistent connections\n\n\nDenial of service (DOS) attack by for loops\n\n\nIPv6 and proxy server IP-based authentication rule\n\t circumvention\n\n\nDetect if user is logged in\n\n\nBypass URL redirect protection\n\n\nReferrer leak in url.php\n\n\nReflected File Download attack\n\n\nArbitraryServerRegexp bypass\n\n\nDenial of service (DOS) attack by changing password to a\n\t very long string\n\n\nRemote code execution vulnerability when run as CGI\n\n\nSummary\nDenial of service (DOS) attack with dbase extension\n\n\nRemote code execution vulnerability when PHP is running\n\t with dbase extension\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-17T00:00:00", "type": "freebsd", "title": "phpmyadmin -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", "CVE-2016-6633"], "modified": "2016-08-17T00:00:00", "id": "EF70B201-645D-11E6-9CDC-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/ef70b201-645d-11e6-9cdc-6805ca0b3d42.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:43:49", "description": "phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the\n following issues:\n\n - Upstream changelog for 4.4.15.8:\n * Improve session cookie code for openid.php and signon.php example files\n * Full path disclosure in openid.php and signon.php example files\n * Unsafe generation of BlowfishSecret (when not supplied by the user)\n * Referrer leak when phpinfo is enabled\n * Use HTTPS for wiki links\n * Improve SSL certificate handling\n * Fix full path disclosure in debugging code\n * Administrators could trigger SQL injection attack against users\n - other fixes\n * Remove Swekey support\n - Security fixes: <a rel=\"nofollow\" href=\"https://www.phpmyadmin.net/security/\">https://www.phpmyadmin.net/security/</a>\n * Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606,\n CWE-661)\n * Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)\n * Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)\n * PHP code injection see PMASA-2016-32 
(CVE-2016-6609, CWE-661)\n * Full path disclosure see PMASA-2016-33 (CVE-2016-6610, CWE-661)\n * SQL injection attack see PMASA-2016-34 (CVE-2016-6611, CWE-661)\n * Local file exposure through LOAD DATA LOCAL INFILE see PMASA-2016-35\n (CVE-2016-6612, CWE-661)\n * Local file exposure through symlinks with UploadDir see PMASA-2016-36\n (CVE-2016-6613, CWE-661)\n * Path traversal with SaveDir and UploadDir see PMASA-2016-37\n (CVE-2016-6614, CWE-661)\n * Multiple XSS vulnerabilities see PMASA-2016-38 (CVE-2016-6615, CWE-661)\n * SQL injection vulnerability as control user see PMASA-2016-39\n (CVE-2016-6616, CWE-661)\n * SQL injection vulnerability see PMASA-2016-40 (CVE-2016-6617, CWE-661)\n * Denial-of-service attack through transformation feature see\n PMASA-2016-41 (CVE-2016-6618, CWE-661)\n * SQL injection vulnerability as control user see PMASA-2016-42\n (CVE-2016-6619, CWE-661)\n * Verify data before unserializing see PMASA-2016-43 (CVE-2016-6620,\n CWE-661)\n * SSRF in setup script see PMASA-2016-44 (CVE-2016-6621, CWE-661)\n * Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and\n persistent connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)\n * Denial-of-service attack by using for loops see PMASA-2016-46\n (CVE-2016-6623, CWE-661)\n * Possible circumvention of IP-based allow/deny rules with IPv6 and\n proxy server see PMASA-2016-47 (CVE-2016-6624, CWE-661)\n * Detect if user is logged in see PMASA-2016-48 (CVE-2016-6625, CWE-661)\n * Bypass URL redirection protection see PMASA-2016-49 (CVE-2016-6626,\n CWE-661)\n * Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)\n * Reflected File Download see PMASA-2016-51 (CVE-2016-6628, CWE-661)\n * ArbitraryServerRegexp bypass see PMASA-2016-52 (CVE-2016-6629, CWE-661)\n * Denial-of-service attack by entering long password see PMASA-2016-53\n (CVE-2016-6630, CWE-661)\n * Remote code execution vulnerability when running as CGI see\n PMASA-2016-54 (CVE-2016-6631, CWE-661)\n * 
Denial-of-service attack when PHP uses dbase extension see\n PMASA-2016-55 (CVE-2016-6632, CWE-661)\n * Remote code execution vulnerability when PHP uses dbase extension see\n PMASA-2016-56 (CVE-2016-6633, CWE-661)\n\n", "cvss3": {}, "published": "2016-08-29T11:09:35", "type": "suse", "title": "Security update for phpMyAdmin (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-6625", "CVE-2016-6615", "CVE-2016-6614", "CVE-2016-6612", "CVE-2016-6617", "CVE-2016-6633", "CVE-2016-6611", "CVE-2016-6630", "CVE-2016-6632", "CVE-2016-6621", "CVE-2016-6616", "CVE-2016-6609", "CVE-2016-6608", "CVE-2016-6622", "CVE-2016-6607", "CVE-2016-6613", "CVE-2016-6606", "CVE-2016-6626", "CVE-2016-6610", "CVE-2016-6619", "CVE-2016-6629", "CVE-2016-6627", "CVE-2016-6620", "CVE-2016-6623", "CVE-2016-6628", "CVE-2016-6624", "CVE-2016-6631", "CVE-2016-6618"], "modified": "2016-08-29T11:09:35", "id": "OPENSUSE-SU-2016:2168-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00047.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2023-12-02T16:59:57", "description": "### Background\n\nphpMyAdmin is a web-based management tool for MySQL databases.\n\n### Description\n\nMultiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn authenticated remote attacker could exploit these vulnerabilities to execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site Scripting attacks. \n\nIn certain configurations, an unauthenticated remote attacker could cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll phpMyAdmin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-4.6.5.1\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-11T00:00:00", "type": "gentoo", "title": "phpMyAdmin: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4412", "CVE-2016-5097", "CVE-2016-5098", "CVE-2016-5099", "CVE-2016-5701", "CVE-2016-5702", "CVE-2016-5703", "CVE-2016-5704", "CVE-2016-5705", "CVE-2016-5706", "CVE-2016-5730", "CVE-2016-5731", "CVE-2016-5732", "CVE-2016-5733", "CVE-2016-5734", "CVE-2016-5739", "CVE-2016-6606", "CVE-2016-6607", "CVE-2016-6608", "CVE-2016-6609", "CVE-2016-6610", "CVE-2016-6611", "CVE-2016-6612", "CVE-2016-6613", "CVE-2016-6614", "CVE-2016-6615", "CVE-2016-6616", "CVE-2016-6617", "CVE-2016-6618", "CVE-2016-6619", "CVE-2016-6620", "CVE-2016-6622", "CVE-2016-6623", "CVE-2016-6624", "CVE-2016-6625", "CVE-2016-6626", "CVE-2016-6627", "CVE-2016-6628", "CVE-2016-6629", "CVE-2016-6630", "CVE-2016-6631", "CVE-2016-6632", 
"CVE-2016-6633", "CVE-2016-9847", "CVE-2016-9848", "CVE-2016-9849", "CVE-2016-9850", "CVE-2016-9851", "CVE-2016-9852", "CVE-2016-9853", "CVE-2016-9854", "CVE-2016-9855", "CVE-2016-9856", "CVE-2016-9857", "CVE-2016-9858", "CVE-2016-9859", "CVE-2016-9860", "CVE-2016-9861", "CVE-2016-9862", "CVE-2016-9863", "CVE-2016-9864", "CVE-2016-9865", "CVE-2016-9866"], "modified": "2017-01-11T00:00:00", "id": "GLSA-201701-32", "href": "https://security.gentoo.org/glsa/201701-32", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}