
6026 matches found

CVE
added 2016/12/11 2:0 a.m., 87 views

CVE-2016-9863

CVE-2016-9863 : In phpMyAdmin, a very large request to the table partitioning function can cause a Denial of Service. Affected: phpMyAdmin 4.6.x prior to 4.6.5. Remediation: upgrade to 4.6.5 or later.

CVSS 7.5 | AI score 7.2 | EPSS 0.00644
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2016/12/11 2:0 a.m., 88 views

CVE-2016-9859

phpMyAdmin is affected by CVE-2016-9859 due to a crafted request parameter that can trigger a denial-of-service in the import feature. The issue affects 4.6.x (before 4.6.5), 4.4.x (before 4.4.15.9), and 4.0.x (before 4.0.10.18). Exploitation would impact availability of the import function. Reme...

CVSS 5.3 | AI score 6.6 | EPSS 0.00553
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2016/12/11 2:0 a.m., 88 views

CVE-2016-6616

CVE-2016-6616 affects phpMyAdmin: in the User group and Designer features, an attacker can perform an SQL injection against the control user’s account. Affected are all 4.6.x versions before 4.6.4 and 4.4.x versions before 4.4.15.8. This is a server-side issue within phpMyAdmin’s web interface, a...

CVSS 7.5 | AI score 8.8 | EPSS 0.00295
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2016/12/11 2:0 a.m., 87 views

CVE-2016-6633

CVE-2016-6633 affects phpMyAdmin: remote code execution possible on PHP installations using the dbase extension. Affected: phpMyAdmin 4.0.x before 4.0.10.17, 4.4.x before 4.4.15.8, and 4.6.x before 4.6.4. Connected sources confirm this vulnerability and document remediation guidance. Impact is re...

CVSS 8.1 | AI score 9 | EPSS 0.01833
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2016/12/11 2:0 a.m., 77 views

CVE-2016-6610

CVE-2016-6610 is a full path disclosure vulnerability in phpMyAdmin. A crafted error in the export mechanism can reveal the full installation path on disk. Affected are phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17. The flaw enables an attacker to infer th...

CVSS 4.3 | AI score 6.2 | EPSS 0.00321
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2016/12/11 2:0 a.m., 20 views

CVE-2016-6609

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

AI score 9.2 | EPSS 0.00411
Exploits: 0 | References: 4

Cvelist
added 2016/12/11 2:0 a.m., 29 views

CVE-2016-9863

An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions prior to 4.6.5 are affected...

AI score 7.3 | EPSS 0.00644
Exploits: 0 | References: 3

Cvelist
added 2016/12/11 2:0 a.m., 23 views

CVE-2016-6613

An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...

AI score 6.9 | EPSS 0.00324
Exploits: 0 | References: 4

CVE
added 2016/12/11 2:0 a.m., 103 views

CVE-2016-6629

CVE-2016-6629 affects phpMyAdmin through the configuration directive $cfg['ArbitraryServerRegexp'], enabling an attacker to reuse certain cookie values to bypass server restrictions defined by ArbitraryServerRegexp. Affected are 4.6.x versions before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before...

CVSS 10 | AI score 9 | EPSS 0.00977
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2016/12/11 2:0 a.m., 30 views

CVE-2016-9853

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

AI score 5.5 | EPSS 0.00589
Exploits: 0 | References: 3

CVE
added 2016/12/11 2:0 a.m., 100 views

CVE-2016-6628

The CVE-2016-6628 issue affects phpMyAdmin and allows an attacker to cause a user to download a specially crafted SVG file. Affected branches include 4.6.x before 4.6.4, 4.4.x before 4.4.15.8, and 4.0.x before 4.0.10.17. Connected advisories and trackers confirm the vulnerability exists in phpMyA...

CVSS 6.8 | AI score 7.2 | EPSS 0.00258
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2016/12/11 2:0 a.m., 81 views

CVE-2016-9866

phpMyAdmin is affected by CVE-2016-9866 due to improper handling of the CSRF token in return URLs for the preference import action when arg_separator differs from its default value. Affected versions include 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18. Evidence in ...

CVSS 9.8 | AI score 9.2 | EPSS 0.00221
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2016/12/11 2:0 a.m., 119 views

CVE-2016-6606

phpMyAdmin is affected by CVE-2016-6606 due to a padding oracle vulnerability in cookie-based encryption that could allow an attacker with access to a user’s browser cookie to decrypt the stored username and password. The issue also stems from reusing the same IV to hash the username and password...

CVSS 8.1 | AI score 8.5 | EPSS 0.00377
Exploits: 0 | References: 4 | Affected Software: 1

AlpineLinux
added 2016/12/11 2:0 a.m., 28 views

CVE-2016-9852

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5.3 | AI score 5.6 | EPSS 0.00501
Exploits: 0

Debian CVE
added 2016/12/11 2:0 a.m., 30 views

CVE-2016-6623

An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVSS 6.5 | AI score 7.8 | EPSS 0.00586
Exploits: 0

Debian CVE
added 2016/12/11 2:0 a.m., 25 views

CVE-2016-6626

An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVSS 5.8 | AI score 7.3 | EPSS 0.00257
Exploits: 0

Debian CVE
added 2016/12/11 2:0 a.m., 30 views

CVE-2016-6607

XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following...

CVSS 6.1 | AI score 7.6 | EPSS 0.00347
Exploits: 0

Debian CVE
added 2016/12/11 2:0 a.m., 27 views

CVE-2016-6610

A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are...

CVSS 4.3 | AI score 6.6 | EPSS 0.00321
Exploits: 0

Debian CVE
added 2016/12/11 2:0 a.m., 26 views

CVE-2016-6617

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions prior to 4.6.4 are affected...

CVSS 8.1 | AI score 8.7 | EPSS 0.00309
Exploits: 0

Debian CVE
added 2016/12/11 2:0 a.m., 30 views

CVE-2016-9863

An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions prior to 4.6.5 are affected...

CVSS 7.5 | AI score 7.4 | EPSS 0.00644
Exploits: 0