CVE-2016-6608
MEDIUMphpMyAdmin 4.6.0-4.6.3 - Cross-Site Scripting via Database Name
Title source: llmDescription
XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93258
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-32
Patch, Vendor Advisory x_refsource_confirm
https://www.phpmyadmin.net/security/PMASA-2016-31
Scores
CVSS v3
6.1
EPSS
0.0045
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
phpmyadmin/phpmyadmin
4.6.0 (4 CPE variants)
phpmyadmin/phpmyadmin
4.6.1
phpmyadmin/phpmyadmin
4.6.2
phpmyadmin/phpmyadmin
4.6.3
phpmyadmin/phpmyadmin
4.6 - 4.6.4Packagist
Published
Dec 11, 2016
Tracked Since
Feb 18, 2026