CRITICAL🇬🇧 English

CVE-2016-6629

CVSS 9.8v3.0pub. 2016-12-11upd. 2026-05-06

An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpmyadmin

    APP
    Phpmyadmin
    4.0.04.0.14.0.104.0.10.14.0.10.104.0.10.114.0.10.124.0.10.134.0.10.144.0.10.154.0.10.164.0.10.24.0.10.34.0.10.44.0.10.5+ 45 więcej
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2009-1151CRITICAL9.8⚠ KEVten sam produkt

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...

CVE-2020-22452CRITICAL9.8ten sam produkt

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...

CVE-2020-26935CRITICAL9.8ten sam produkt

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...

CVE-2019-19617CRITICAL9.8ten sam produkt

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...

CVE-2019-18622CRITICAL9.8ten sam produkt

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...