CVE-2016-6608
Published: 11 December 2016
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.
Notes
Author | Note |
---|---|
ratliff | introduced in 4.6.0alpha https://github.com/phpmyadmin/phpmyadmin/commit/afc8aab04f7c09ea44b04806b426522e5ca830ee |
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Not vulnerable
|
|
upstream |
Released
(4:4.6.4+dfsg1-1)
|
|
xenial |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |