CVE Vulnerabilities

CVE-2016-9861

Published: Dec 11, 2016 | Modified: Jul 01, 2017
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Affected Software

Name Vendor Start Version End Version
Phpmyadmin Phpmyadmin 4.4.0 (including) 4.4.0 (including)
Phpmyadmin Phpmyadmin 4.4.1 (including) 4.4.1 (including)
Phpmyadmin Phpmyadmin 4.4.1.1 (including) 4.4.1.1 (including)
Phpmyadmin Phpmyadmin 4.4.2 (including) 4.4.2 (including)
Phpmyadmin Phpmyadmin 4.4.3 (including) 4.4.3 (including)
Phpmyadmin Phpmyadmin 4.4.4 (including) 4.4.4 (including)
Phpmyadmin Phpmyadmin 4.4.5 (including) 4.4.5 (including)
Phpmyadmin Phpmyadmin 4.4.6 (including) 4.4.6 (including)
Phpmyadmin Phpmyadmin 4.4.6.1 (including) 4.4.6.1 (including)
Phpmyadmin Phpmyadmin 4.4.7 (including) 4.4.7 (including)
Phpmyadmin Phpmyadmin 4.4.8 (including) 4.4.8 (including)
Phpmyadmin Phpmyadmin 4.4.9 (including) 4.4.9 (including)
Phpmyadmin Phpmyadmin 4.4.10 (including) 4.4.10 (including)
Phpmyadmin Phpmyadmin 4.4.11 (including) 4.4.11 (including)
Phpmyadmin Phpmyadmin 4.4.12 (including) 4.4.12 (including)
Phpmyadmin Phpmyadmin 4.4.13 (including) 4.4.13 (including)
Phpmyadmin Phpmyadmin 4.4.13.1 (including) 4.4.13.1 (including)
Phpmyadmin Phpmyadmin 4.4.14 (including) 4.4.14 (including)
Phpmyadmin Phpmyadmin 4.4.14.1 (including) 4.4.14.1 (including)
Phpmyadmin Phpmyadmin 4.4.15 (including) 4.4.15 (including)
Phpmyadmin Phpmyadmin 4.4.15.1 (including) 4.4.15.1 (including)
Phpmyadmin Phpmyadmin 4.4.15.2 (including) 4.4.15.2 (including)
Phpmyadmin Phpmyadmin 4.4.15.3 (including) 4.4.15.3 (including)
Phpmyadmin Phpmyadmin 4.4.15.4 (including) 4.4.15.4 (including)
Phpmyadmin Phpmyadmin 4.4.15.5 (including) 4.4.15.5 (including)
Phpmyadmin Phpmyadmin 4.4.15.6 (including) 4.4.15.6 (including)
Phpmyadmin Phpmyadmin 4.4.15.7 (including) 4.4.15.7 (including)
Phpmyadmin Phpmyadmin 4.4.15.8 (including) 4.4.15.8 (including)
Phpmyadmin Ubuntu esm-apps/xenial *
Phpmyadmin Ubuntu esm-infra-legacy/trusty *
Phpmyadmin Ubuntu precise *
Phpmyadmin Ubuntu trusty *
Phpmyadmin Ubuntu trusty/esm *
Phpmyadmin Ubuntu upstream *
Phpmyadmin Ubuntu xenial *
Phpmyadmin Ubuntu yakkety *

References