CVE-2016-6621

HIGH8.6EPSS 0.55%

phpmyadmin - security update

Published: 5/14/2022Modified: 5/7/2026

Description

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

Affected packages (3)

Debian/phpmyadminfrom 0, < 4:4.6.6-1
Debian/phpmyadminfrom 0, < 4:3.4.11.1-2+deb7u8
Packagist/phpmyadmin/phpmyadmin>= 4.6.0, < 4.6.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6621
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6621
PATCHhttps://github.com/phpmyadmin/composer
WEBhttps://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
WEBhttps://www.phpmyadmin.net/security/PMASA-2016-44