[3.4] phpmyadmin: Multiple vulnerabilities (Various CVEs)
CVE-2016-6606: Weakness with cookie encryption
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-29/

CVE-2016-6607: Multiple XSS vulnerabilities
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-30/

CVE-2016-6608: Multiple XSS vulnerabilities
All 4.6.x versions (prior to 4.6.4) are affected.
Upgrade to phpMyAdmin 4.6.4 or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-31/

CVE-2016-6609: PHP code injection
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-32/

CVE-2016-6610: Full path disclosure
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-33/

CVE-2016-6611: SQL injection attack
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-34/

CVE-2016-6612: Local file exposure
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-35/

CVE-2016-6613: Local file exposure through symlinks with UploadDir
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-36/

CVE-2016-6614: Path traversal with SaveDir and UploadDir
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-37/

CVE-2016-6615: Multiple XSS vulnerabilities
All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-38/

CVE-2016-6616: SQL injection attack
All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-39/

CVE-2016-6617: SQL injection attack
All 4.6.x versions (prior to 4.6.4) are affected.
Upgrade to phpMyAdmin 4.6.4 or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-40/

CVE-2016-6618: Denial of service (DOS) attack in transformation feature
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-41/

CVE-2016-6619: SQL injection attack as control user
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-42/

CVE-2016-6620: Unvalidated data passed to unserialize()
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-43/

CVE-2016-6622: DOS attack with forced persistent connections
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-45/

CVE-2016-6623: Denial of service (DOS) attack by for loops
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-46/

CVE-2016-6624: IPv6 and proxy server IP-based authentication rule circumvention
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-47/

CVE-2016-6625: Detect if user is logged in
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-48/

CVE-2016-6626: Bypass URL redirect protection
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer.
https://www.phpmyadmin.net/security/PMASA-2016-49/

CVE-2016-6627: Referrer leak in url.php
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-50/

CVE-2016-6628: Reflected File Download attack
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-51/

CVE-2016-6629: ArbitraryServerRegexp bypass
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-52/

CVE-2016-6630: Denial of service (DOS) attack by changing password to a very long string
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-53/

CVE-2016-6631: Remote code execution vulnerability when run as CGI
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-54/

CVE-2016-6632: Denial of service (DOS) attack with dbase extension
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-55/

CVE-2016-6633: Remote code execution vulnerability when PHP is running with dbase extension
All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply the patch.
https://www.phpmyadmin.net/security/PMASA-2016-56/
(from redmine: issue id 6196, created on 2016-09-20, closed on 2016-10-25)
- Relations:
  - parent #6194 (closed)
- Changesets:
  - Revision c82a41ca by Natanael Copa on 2016-09-23T14:49:43Z:

    main/phpmyadmin: security upgrade to 4.6.4
    fixes #6196
    CVE-2016-6606, CVE-2016-6607, CVE-2016-6608, CVE-2016-6609,
    CVE-2016-6610, CVE-2016-6611, CVE-2016-6612, CVE-2016-6613,
    CVE-2016-6614, CVE-2016-6615, CVE-2016-6616, CVE-2016-6617,
    CVE-2016-6618, CVE-2016-6619, CVE-2016-6620, CVE-2016-6622,
    CVE-2016-6623, CVE-2016-6624, CVE-2016-6625, CVE-2016-6626,
    CVE-2016-6627, CVE-2016-6628, CVE-2016-6629, CVE-2016-6630,
    CVE-2016-6631, CVE-2016-6632, CVE-2016-6633