An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that its valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpmyadmin | Phpmyadmin | 4.6.0 (including) | 4.6.0 (including) |
Phpmyadmin | Phpmyadmin | 4.6.1 (including) | 4.6.1 (including) |
Phpmyadmin | Phpmyadmin | 4.6.2 (including) | 4.6.2 (including) |
Phpmyadmin | Phpmyadmin | 4.6.3 (including) | 4.6.3 (including) |
Phpmyadmin | Ubuntu | esm-apps/xenial | * |
Phpmyadmin | Ubuntu | esm-infra-legacy/trusty | * |
Phpmyadmin | Ubuntu | precise | * |
Phpmyadmin | Ubuntu | trusty | * |
Phpmyadmin | Ubuntu | trusty/esm | * |
Phpmyadmin | Ubuntu | upstream | * |
Phpmyadmin | Ubuntu | xenial | * |