Skip to main content

Phpmyadmin CVE-2016-6612

MEDIUM
Information Exposure (CWE-200)
2016-12-11 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 11, 2016 - 02:59 cve.org
MEDIUM 6.5

DescriptionCVE.org

An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

AnalysisAI

An issue was discovered in phpMyAdmin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Affected products include: Phpmyadmin. Version information: prior to 4.6.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-5734 CRITICAL POC
9.8 Jul 03

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to

CVE-2012-5159 HIGH POC
7.5 Sep 25

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an e

CVE-2013-3238 MEDIUM POC
6.0 Apr 26

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a

CVE-2018-12613 HIGH POC
8.8 Jun 21

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute

CVE-2020-22452 CRITICAL POC
9.8 Jan 26

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via t

CVE-2020-26935 CRITICAL POC
9.8 Oct 10

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CV

CVE-2015-6830 MEDIUM POC
5.0 Sep 14

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allo

CVE-2020-22278 HIGH POC
8.8 Nov 04

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2020-5504 HIGH POC
8.8 Jan 09

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CV

CVE-2018-10188 HIGH POC
8.8 Apr 19

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_ope

CVE-2014-9218 MEDIUM POC
5.0 Dec 08

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows re

CVE-2012-5469 HIGH POC
7.5 Dec 20

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain ph

Share

CVE-2016-6612 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy