CVE-2016-6625

MEDIUM4.3EPSS 0.27%

phpMyAdmin allows to detect if user is logged in

發布日:2022/5/17修改日:2025/11/19

也稱為:GHSA-r643-7xfg-ppc5ALPINE-CVE-2016-6625DEBIAN-CVE-2016-6625

描述

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

受影響套件(3)

Alpine/phpmyadminfrom 0, < 4.4.15.8-r0
Debian/phpmyadminfrom 0, < 4:4.6.4+dfsg1-1
Packagist/phpmyadmin/phpmyadmin>= 4.6, < 4.6.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6625
ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6625
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6625
PATCHhttps://github.com/phpmyadmin/composer
WEBhttps://security.gentoo.org/glsa/201701-32
WEBhttps://www.phpmyadmin.net/security/PMASA-2016-48
WEBhttp://www.securityfocus.com/bid/92491