CVE-2016-5704

MEDIUM6.1EPSS 0.28%

phpMyAdmin XSS Vulnerability

發布日:2022/5/17修改日:2026/5/7

也稱為:GHSA-gcvp-cwgw-wx8jDEBIAN-CVE-2016-5704

描述

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

受影響套件(2)

Debian/phpmyadminfrom 0, < 4:4.6.3-1
Packagist/phpmyadmin/phpmyadmin>= 4.6.0, < 4.6.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-5704
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-5704
PATCHhttps://github.com/phpmyadmin/phpmyadmin
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b
WEBhttps://security.gentoo.org/glsa/201701-32
WEBhttps://www.phpmyadmin.net/security/PMASA-2016-20