UBUNTU-CVE-2016-6614
- Source
- https://ubuntu.com/security/CVE-2016-6614
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6614.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6614
- Related
- Published
- 2016-12-11T02:59:00Z
- Modified
- 2025-01-13T10:21:15Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / phpmyadmin
Package
- Name
- phpmyadmin
- Purl
- pkg:deb/ubuntu/phpmyadmin@4:4.0.10-1ubuntu0.1+esm4?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS / phpmyadmin
Package
- Name
- phpmyadmin
- Purl
- pkg:deb/ubuntu/phpmyadmin@4:4.5.4.1-2ubuntu2.1+esm6?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4:4.*
4:4.4.13.1-1
4:4.5.0.2-2
4:4.5.1-1
4:4.5.1-2
4:4.5.1-3
4:4.5.2-1
4:4.5.2-2
4:4.5.3.1-1
4:4.5.4-1
4:4.5.4.1-2
4:4.5.4.1-2ubuntu1
4:4.5.4.1-2ubuntu2
4:4.5.4.1-2ubuntu2.1
4:4.5.4.1-2ubuntu2.1+esm2
4:4.5.4.1-2ubuntu2.1+esm3
4:4.5.4.1-2ubuntu2.1+esm4
4:4.5.4.1-2ubuntu2.1+esm5
4:4.5.4.1-2ubuntu2.1+esm6