CVE-2016-6609
HIGH8.8EPSS 0.41%phpmyadmin - security update
Published: 5/14/2022Modified: 5/7/2026
Description
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Affected packages (4)
- Alpine/phpmyadminfrom 0, < 4.4.15.8-r0
- Debian/phpmyadminfrom 0, < 4:4.6.4+dfsg1-1
- Debian/phpmyadminfrom 0, < 4:4.2.12-2+deb8u3
- Packagist/phpmyadmin/phpmyadmin>= 4.6, < 4.6.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6609
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6609
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6609
- PATCHhttps://github.com/phpmyadmin/composer
- WEBhttps://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
- WEBhttps://security.gentoo.org/glsa/201701-32
- WEBhttps://www.phpmyadmin.net/security/PMASA-2016-32
- WEBhttp://www.securityfocus.com/bid/94112