CVE-2016-6612
MEDIUM6.5EPSS 0.32%phpMyAdmin Local file exposure
Published: 5/17/2022Modified: 5/7/2026
Description
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Affected packages (3)
- Alpine/phpmyadminfrom 0, < 4.4.15.8-r0
- Debian/phpmyadminfrom 0, < 4:4.6.4+dfsg1-1
- Packagist/phpmyadmin/phpmyadmin>= 4.6, < 4.6.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6612
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6612
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6612
- PATCHhttps://github.com/phpmyadmin/composer
- WEBhttps://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
- WEBhttps://security.gentoo.org/glsa/201701-32
- WEBhttps://www.phpmyadmin.net/security/PMASA-2016-35
- WEBhttp://www.securityfocus.com/bid/94113