Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA
phpMyAdmin Cross-site Scripting (XSS)
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.
Permalink: https://github.com/advisories/GHSA-jfmj-27fp-qp67JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZm1qLTI3ZnAtcXA2N84AAbaA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 23 days ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-jfmj-27fp-qp67, CVE-2016-6608
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-6608
- https://security.gentoo.org/glsa/201701-32
- https://www.phpmyadmin.net/security/PMASA-2016-31
- http://www.securityfocus.com/bid/93258
- https://github.com/advisories/GHSA-jfmj-27fp-qp67
Affected Packages
packagist:phpmyadmin/phpmyadmin
Dependent packages: 4Dependent repositories: 15
Downloads: 301,715 total
Affected Version Ranges: >= 4.6, < 4.6.4
Fixed in: 4.6.4
All affected versions:
All unaffected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1