[3.2] phpmyadmin: Multiple issues (CVE-2016-5701, CVE-2016-5703, CVE-2016-5705, CVE-2016-5706, CVE-2016-5730, CVE-2016-5731, CVE-2016-5733, CVE-2016-5734, CVE-2016-5739)
CVE-2016-5701: BBCode injection vulnerability
Affected Versions
Versions 4.6.x (prior to 4.6.3), 4.4.15.x (prior to 4.4.15.7), and 4.0.10.x (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-17/
CVE-2016-5703: SQL injection attack
Affected Versions
Versions 4.6.x (prior to 4.6.3) and 4.4.x (prior to 4.4.15.7) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-19/
CVE-2016-5705: Multiple XSS vulnerabilities
Affected Versions
All 4.4.x versions (prior to 4.4.15.7) and 4.6.x versions (prior to 4.6.3) are affected
Upgrade to phpMyAdmin 4.4.15.7 or 4.6.3 or newer.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-21/
CVE-2016-5706: DOS attack
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-22/
CVE-2016-5730: Multiple full path disclosure vulnerabilities
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-23/
CVE-2016-5731: XSS through FPD
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer or apply patch listed below.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-24/
CVE-2016-5733: Multiple XSS vulnerabilities
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
References:
https://www.phpmyadmin.net/security/PMASA-2016-26/
CVE-2016-5734: Unsafe handling of preg_replace parameters
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-27/
CVE-2016-5739: Referrer leak in transformations
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-28/
(from redmine: issue id 5837, created on 2016-06-29, closed on 2016-07-07)
- Relations:
- parent #5833 (closed)
- Changesets:
- Revision 71d56877 on 2016-07-05T10:06:09Z:
main/phpmyadmin: security upgrade to 4.4.15.7
CVE-2016-5701
CVE-2016-5703
CVE-2016-5705
CVE-2016-5706
CVE-2016-5730
CVE-2016-5731
CVE-2016-5733
CVE-2016-5734
CVE-2016-5739
Fixes #5837