CVE-2016-9864

HIGH7.5EPSS 0.42%

發布日:2016/12/11修改日:2025/11/19

也稱為:ALPINE-CVE-2016-9864DEBIAN-CVE-2016-9864

描述

An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

受影響套件(2)

Alpine/phpmyadminfrom 0, < 4.4.15.9-r0
Debian/phpmyadminfrom 0, < 4:4.6.5.1-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-9864
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-9864