CVE-2016-6608
MEDIUM6.1EPSS 0.32%phpMyAdmin Cross-site Scripting (XSS)
Published: 5/17/2022Modified: 5/7/2026
Description
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.
Affected packages (3)
- Alpine/phpmyadminfrom 0, < 4.4.15.8-r0
- Debian/phpmyadminfrom 0, < 4:4.6.4+dfsg1-1
- Packagist/phpmyadmin/phpmyadmin>= 4.6, < 4.6.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6608
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6608
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6608
- PATCHhttps://github.com/phpmyadmin/composer
- WEBhttps://security.gentoo.org/glsa/201701-32
- WEBhttps://www.phpmyadmin.net/security/PMASA-2016-31
- WEBhttp://www.securityfocus.com/bid/93258