GHSA-p849-vf5f-f3x7

Source

https://github.com/advisories/GHSA-p849-vf5f-f3x7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p849-vf5f-f3x7/GHSA-p849-vf5f-f3x7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p849-vf5f-f3x7

Aliases

CVE-2016-6633

Published

2022-05-17T02:37:10Z

Modified

2024-04-24T18:28:58.027432Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension

Details

An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Database specific

{
    "nvd_published_at": "2016-12-11T02:59:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T18:11:23Z"
}

References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6

Fixed

4.6.4

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4

Fixed

4.4.15.8

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0

Fixed

4.0.10.17

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.4.1

4.0.4.2

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.10.1

4.0.10.2

4.0.10.3

4.0.10.4

4.0.10.5

4.0.10.6

4.0.10.7

4.0.10.8

4.0.10.9