An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack     against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to     4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
    (CVE-2016-6633)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.17, 4.4.x prior to 4.4.15.8, or 4.6.x prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities.

  - An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is     vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser     cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used     to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as     their username, an attacker who examines the browser cookie can see that they are the same - but the     attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions     (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are     affected. (CVE-2016-6606)

  - XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can     be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly     escaped and can be used to trigger an XSS attack); Relation view; the following Transformations:
    Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper;
    XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin     directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4),     4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6607)

  - XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the Remove     partitioning functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x     versions (prior to 4.6.4) are affected. (CVE-2016-6608)

  - An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary     PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior     to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6609)

  - A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular     error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions     (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are     affected. (CVE-2016-6610)

  - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to     trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4),     4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6611)

  - An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose     files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to     4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6612)

  - An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which     phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All     4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to     4.0.10.17) are affected. (CVE-2016-6613)

  - An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir     and UploadDir features. When the username substitution is configured, a specially-crafted user name can be     used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x     versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6614)

  - XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature     (a specially-crafted database name can be used to trigger an XSS attack); the Tracking feature (a     specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x     versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. (CVE-2016-6615)

  - An issue was discovered in phpMyAdmin. In the User group and Designer features, a user can execute an     SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and     4.4.x versions (prior to 4.4.15.8) are affected. (CVE-2016-6616)

  - An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to     trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are     affected. (CVE-2016-6617)

  - An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-     service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to     4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6618)

  - An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL     injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x     versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6619)

  - An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without     verification that it's valid serialized data. The unserialization can result in code execution because of     the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x     versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6620)

  - An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service     (DoS) attack by forcing persistent connections when phpMyAdmin is running with     $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to     4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6622)

  - An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a     server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to     4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6623)

  - An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules.
    When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed     range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to     connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and     4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6624)

  - An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to     phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All     4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to     4.0.10.17) are affected. (CVE-2016-6625)

  - An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All     4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to     4.0.10.17) are affected. (CVE-2016-6626)

  - An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the     file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions     (prior to 4.0.10.17) are affected. (CVE-2016-6627)

  - An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially     crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and     4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6628)

  - An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive.
    An attacker could reuse certain cookie values in a way of bypassing the servers defined by     ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x     versions (prior to 4.0.10.17) are affected. (CVE-2016-6629)

  - An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack     by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x     versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6630)

  - An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server     when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a     query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x     versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are     affected. (CVE-2016-6631)

  - An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary     files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to     4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. (CVE-2016-6632)

  - An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack     against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to     4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
    (CVE-2016-6633)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201701-32 (phpMyAdmin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in phpMyAdmin. Please       review the CVE identifiers referenced below for details.
  Impact :

    A authenticated remote attacker could exploit these vulnerabilities to       execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site       Scripting attacks.
    In certain configurations, an unauthenticated remote attacker could       cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Please reference CVE/URL list for details

Versions of phpMyAdmin 4.0.10.x prior to 4.0.10.17, 4.4.15.x prior to 4.4.15.8, and 4.6.x prior to 4.6.4 are unpatched, and therefore affected by the following vulnerabilities :

 - A flaw exists that may lead to the unauthorized disclosure of sensitive information.  The issue is due to the program using requests that contain an algorithm that is vulnerable to padding oracle attacks.  This may allow a remote attacker to decode information without knowledge of the encryption key and gain access to a user's potentially sensitive personal information.
 - A flaw exists that allows a cross-site scripting (XSS) attack.  This flaw exists because the 'libraries/replication_gui.lib.php' script does not validate input to the 'username' and 'hostname' parameters before returning it to users.  This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that allows an XSS attack. vThis flaw exists because the database privilege check functionality does not validate input to database names before returning it to users.  This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that allows an XSS attack.  This flaw exists because the remove partitioning functionality does not validate input before returning it to users.  This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists in the 'libraries/plugins/export/ExportPhparray.class.php' script that is triggered as input passed via database names is not properly sanitized.  This may allow a remote attacker to execute arbitrary commands.
 - A flaw exists in 'libraries/plugin_interface.lib.php' that is triggered during the handling of errors when creating non-existent classes, which may allow a remote attacker to disclose the software's installation path.  While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
 - A flaw exists that may allow carrying out an SQL injection attack.  The issue is due to the 'libraries/plugins/export/ExportSql.class.php' script not properly sanitizing input to database and table names.  This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
 - A flaw exists in the 'LOAD LOCAL INFILE' functionality that may allow an authenticated remote attacker to expose files on the server to the database system.
 - A flaw exists as the program creates temporary files insecurely.  It is possible for a local attacker to use a symlink attack against a file to cause the program to unexpectedly disclose arbitrary files.
 - A flaw exists that allows traversing outside of a restricted path.  The issue is due to the 'libraries/Util.class.php' script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') when handling the '%u' username replacement functionality of the 'SaveDir' and 'UploadDir' features.  With a specially crafted request, a remote attacker can disclose arbitrary files.
 - A flaw exists that allows an XSS attack.  This flaw exists because the 'libraries/navigation/Nodes/Node_Database.class.php' script does not validate input to database names before returning it to users.  This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that allows an XSS attack.  This flaw exists because the 'libraries/tracking.lib.php' script does not validate input when handling queries before returning it to users.  This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that allows an XSS attack.  This flaw exists because the 'libraries/tbl_gis_visualization.lib.php' script does not validate input before returning it to users.  This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
 - A flaw exists that may allow carrying out an SQL injection attack.  The issue is due to the program not properly sanitizing input when handling user group queries. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
 - A flaw exists that may allow carrying out an SQL injection attack.  The issue is due to the 'libraries/display_export.lib.php' script not properly sanitizing input when handling database or table names.  This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
 - A flaw exists in the 'transformation_wrapper.php' script that is triggered during the scaling of image dimensions.  This may allow a remote attacker to cause a denial of service for the server.
 - A flaw exists that may allow carrying out an SQL injection attack.  The issue is due to the user interface preference feature not properly sanitizing input before using it in SQL queries.  This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
 - A flaw exists in the 'unserialize()' function that is triggered during the handling of user-supplied data.  This may allow a remote attacker to execute arbitrary code.
 - A flaw exists in the 'AllowArbitraryServer' option that is triggered when a remote attacker to forces persistent connections.  This may allow the attacker to cause a denial of service.
 - A flaw exists that is triggered during the handling of looped large values.  This may allow an authenticated remote attacker to cause a denial of service on a server.
 - A flaw exists in the 'libraries/ip_allow_deny.lib.php' script that may allow a remote attacker to bypass IP-based authentication rules.
 - An unspecified flaw exists that may allow a remote attacker to determine whether a user is logged into the program.
 - A flaw exists that allows a cross-site redirection attack.  This flaw exists because the application does not validate input upon submission to the 'libraries/core.lib.php' script.  This could allow a context-dependent attacker to create a specially crafted link that, if followed, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. 
 - A flaw exists in the 'url.php' script that is triggered during the handling of HTTP headers.  This may allow a remote attacker to disclose host location information.
 - A flaw exists in the 'file_echo.php' script that may allow a remote attacker to cause a different user to download a specially crafted SVG file.
 - A flaw exists in the 'ArbitraryServerRegexp' configuration directive that may allow a remote attacker to reuse certain cookie values and bypass intended server definition limits.
 - A flaw exists in the 'user_password.php' script that is triggered during the handling of an overly long password.  This may allow a remote attacker to cause a denial of service.
 - A flaw exists in '/libraries/plugins/transformations/generator_plugin.sh' that is triggered during the handling of query strings.  This may allow a remote attacker to execute arbitrary code.
 - A flaw exists in the dbase extension in the 'libraries/plugins/import/ImportShp.class.php' script that is due to the program failing to delete temporary files during the import of ESRI files.  This may allow a remote attacker to cause a denial of service.
 - A flaw exists in the 'dbase' extension that is triggered during the handling of SHP import.  This may allow a remote attacker to execute arbitrary code.

This phpMyAdmin update to version 4.4.15.8 fixes the following issues :

Security issues fixed :

  - Improve session cookie code for openid.php and     signon.php example files

  - Full path disclosure in openid.php and signon.php     example files

  - Unsafe generation of BlowfishSecret (when not supplied     by the user)

  - Referrer leak when phpinfo is enabled

  - Use HTTPS for wiki links

  - Improve SSL certificate handling

  - Fix full path disclosure in debugging code

  - Administrators could trigger SQL injection attack     against users

  - Weaknesses with cookie encryption see PMASA-2016-29     (CVE-2016-6606, CWE-661)

  - Multiple XSS vulnerabilities see PMASA-2016-30     (CVE-2016-6607, CWE-661)

  - Multiple XSS vulnerabilities see PMASA-2016-31     (CVE-2016-6608, CWE-661)

  - PHP code injection see PMASA-2016-32 (CVE-2016-6609,     CWE-661)

  - Full path disclosure see PMASA-2016-33 (CVE-2016-6610,     CWE-661)

  - SQL injection attack see PMASA-2016-34 (CVE-2016-6611,     CWE-661)

  - Local file exposure through LOAD DATA LOCAL INFILE see     PMASA-2016-35 (CVE-2016-6612, CWE-661)

  - Local file exposure through symlinks with UploadDir see     PMASA-2016-36 (CVE-2016-6613, CWE-661)

  - Path traversal with SaveDir and UploadDir see     PMASA-2016-37 (CVE-2016-6614, CWE-661)

  - Multiple XSS vulnerabilities see PMASA-2016-38     (CVE-2016-6615, CWE-661)

  - SQL injection vulnerability as control user see     PMASA-2016-39 (CVE-2016-6616, CWE-661)

  - SQL injection vulnerability see PMASA-2016-40     (CVE-2016-6617, CWE-661)

  - Denial-of-service attack through transformation feature     see PMASA-2016-41 (CVE-2016-6618, CWE-661)

  - SQL injection vulnerability as control user see     PMASA-2016-42 (CVE-2016-6619, CWE-661)

  - Verify data before unserializing see PMASA-2016-43     (CVE-2016-6620, CWE-661)

  - SSRF in setup script see PMASA-2016-44 (CVE-2016-6621,     CWE-661)

  - Denial-of-service attack with     $cfg['AllowArbitraryServer'] = true and persistent     connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)

  - Denial-of-service attack by using for loops see     PMASA-2016-46 (CVE-2016-6623, CWE-661)

  - Possible circumvention of IP-based allow/deny rules with     IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624,     CWE-661)

  - Detect if user is logged in see PMASA-2016-48     (CVE-2016-6625, CWE-661)

  - Bypass URL redirection protection see PMASA-2016-49     (CVE-2016-6626, CWE-661)

  - Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)

  - Reflected File Download see PMASA-2016-51     (CVE-2016-6628, CWE-661)

  - ArbitraryServerRegexp bypass see PMASA-2016-52     (CVE-2016-6629, CWE-661)

  - Denial-of-service attack by entering long password see     PMASA-2016-53 (CVE-2016-6630, CWE-661)

  - Remote code execution vulnerability when running as CGI     see PMASA-2016-54 (CVE-2016-6631, CWE-661)

  - Denial-of-service attack when PHP uses dbase extension     see PMASA-2016-55 (CVE-2016-6632, CWE-661)

  - Remove tode execution vulnerability when PHP uses dbase     extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)

phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the following issues :

  - Upstream changelog for 4.4.15.8 :

  - Improve session cookie code for openid.php and     signon.php example files

  - Full path disclosure in openid.php and signon.php     example files

  - Unsafe generation of BlowfishSecret (when not supplied     by the user)

  - Referrer leak when phpinfo is enabled

  - Use HTTPS for wiki links

  - Improve SSL certificate handling

  - Fix full path disclosure in debugging code

  - Administrators could trigger SQL injection attack     against users

  - other fixes

  - Remove Swekey support

  - Security fixes: https://www.phpmyadmin.net/security/

  - Weaknesses with cookie encryption see PMASA-2016-29     (CVE-2016-6606, CWE-661)

  - Multiple XSS vulnerabilities see PMASA-2016-30     (CVE-2016-6607, CWE-661)

  - Multiple XSS vulnerabilities see PMASA-2016-31     (CVE-2016-6608, CWE-661)

  - PHP code injection see PMASA-2016-32 (CVE-2016-6609,     CWE-661)

  - Full path disclosure see PMASA-2016-33 (CVE-2016-6610,     CWE-661)

  - SQL injection attack see PMASA-2016-34 (CVE-2016-6611,     CWE-661)

  - Local file exposure through LOAD DATA LOCAL INFILE see     PMASA-2016-35 (CVE-2016-6612, CWE-661)

  - Local file exposure through symlinks with UploadDir see     PMASA-2016-36 (CVE-2016-6613, CWE-661)

  - Path traversal with SaveDir and UploadDir see     PMASA-2016-37 (CVE-2016-6614, CWE-661)

  - Multiple XSS vulnerabilities see PMASA-2016-38     (CVE-2016-6615, CWE-661)

  - SQL injection vulnerability as control user see     PMASA-2016-39 (CVE-2016-6616, CWE-661)

  - SQL injection vulnerability see PMASA-2016-40     (CVE-2016-6617, CWE-661)

  - Denial-of-service attack through transformation feature     see PMASA-2016-41 (CVE-2016-6618, CWE-661)

  - SQL injection vulnerability as control user see     PMASA-2016-42 (CVE-2016-6619, CWE-661)

  - Verify data before unserializing see PMASA-2016-43     (CVE-2016-6620, CWE-661)

  - SSRF in setup script see PMASA-2016-44 (CVE-2016-6621,     CWE-661)

  - Denial-of-service attack with     $cfg['AllowArbitraryServer'] = true and persistent     connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)

  - Denial-of-service attack by using for loops see     PMASA-2016-46 (CVE-2016-6623, CWE-661)

  - Possible circumvention of IP-based allow/deny rules with     IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624,     CWE-661)

  - Detect if user is logged in see PMASA-2016-48     (CVE-2016-6625, CWE-661)

  - Bypass URL redirection protection see PMASA-2016-49     (CVE-2016-6626, CWE-661)

  - Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)

  - Reflected File Download see PMASA-2016-51     (CVE-2016-6628, CWE-661)

  - ArbitraryServerRegexp bypass see PMASA-2016-52     (CVE-2016-6629, CWE-661)

  - Denial-of-service attack by entering long password see     PMASA-2016-53 (CVE-2016-6630, CWE-661)

  - Remote code execution vulnerability when running as CGI     see PMASA-2016-54 (CVE-2016-6631, CWE-661)

  - Denial-of-service attack when PHP uses dbase extension     see PMASA-2016-55 (CVE-2016-6632, CWE-661)

  - Remove tode execution vulnerability when PHP uses dbase     extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)

The phpmyadmin development team reports :

Weakness with cookie encryption

Multiple XSS vulnerabilities

Multiple XSS vulnerabilities

PHP code injection

Full path disclosure

SQL injection attack

Local file exposure

Local file exposure through symlinks with UploadDir

Path traversal with SaveDir and UploadDir

Multiple XSS vulnerabilities

SQL injection attack

SQL injection attack

Denial of service (DOS) attack in transformation feature

SQL injection attack as control user

Unvalidated data passed to unserialize()

DOS attack with forced persistent connections

Denial of service (DOS) attack by for loops

IPv6 and proxy server IP-based authentication rule circumvention

Detect if user is logged in

Bypass URL redirect protection

Referrer leak in url.php

Reflected File Download attack

ArbitraryServerRegexp bypass

Denial of service (DOS) attack by changing password to a very long string

Remote code execution vulnerability when run as CGI Summary Denial of service (DOS) attack with dbase extension

Remote code execution vulnerability when PHP is running with dbase extension

ID	Name	Product	Family	Severity
254097	Linux Distros Unpatched Vulnerability : CVE-2016-6633	Nessus	Misc.	high
143282	phpMyAdmin 4.0.0 < 4.0.10.17 / 4.4.0 < 4.4.15.8 / 4.6.0 < 4.6.4 Multiple Vulnerabilities	Nessus	CGI abuses	critical
96426	GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
95364	FreeBSD : phpMyAdmin -- multiple vulnerabilities (6fe72178-b2e3-11e6-8b2a-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	high
9538	phpMyAdmin 4.0.10.x < 4.0.10.17 / 4.4.15.x < 4.4.15.8 / 4.6.x < 4.6.4 Multiple Vulnerabilities	Nessus Network Monitor	CGI	critical
93214	openSUSE Security Update : phpMyAdmin (openSUSE-2016-1027)	Nessus	SuSE Local Security Checks	critical
93212	openSUSE Security Update : phpMyAdmin (openSUSE-2016-1021)	Nessus	SuSE Local Security Checks	critical
93024	FreeBSD : phpmyadmin -- multiple vulnerabilities (ef70b201-645d-11e6-9cdc-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	critical

Detections

Analytics

CVE-2016-6633

high

Tenable Plugins

high

critical

critical

high

critical

critical

critical

critical