CVE-2016-6608

MEDIUM6.1EPSS 0.32%

phpMyAdmin Cross-site Scripting (XSS)

發布日:2022/5/17修改日:2025/11/19

也稱為:GHSA-jfmj-27fp-qp67ALPINE-CVE-2016-6608DEBIAN-CVE-2016-6608

描述

XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.

受影響套件(3)

Alpine/phpmyadminfrom 0, < 4.4.15.8-r0
Debian/phpmyadminfrom 0, < 4:4.6.4+dfsg1-1
Packagist/phpmyadmin/phpmyadmin>= 4.6, < 4.6.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6608
ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6608
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6608
PATCHhttps://github.com/phpmyadmin/composer
WEBhttps://security.gentoo.org/glsa/201701-32
WEBhttps://www.phpmyadmin.net/security/PMASA-2016-31
WEBhttp://www.securityfocus.com/bid/93258