CVE-2016-9862

HIGH

Phpmyadmin - Code Injection

Title source: rule

Description

An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.

References (3)

Scores

CVSS v3 7.5
EPSS 0.0046
EPSS Percentile 63.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-94
Status draft

Affected Products (5)

phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin

Timeline

Published Dec 11, 2016
Tracked Since Feb 18, 2026