Input validation error in phpMyAdmin - CVE-2016-9858

 

Published: December 11, 2016 / Updated: August 4, 2020


Vulnerability identifier: #VU33579
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-9858
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: phpMyAdmin
Affected software:
phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

An issue was discovered in phpMyAdmin. With a crafted request parameter value, it is possible to initiate a denial of service attack in the saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.


How to mitigate CVE-2016-9858

Install the update from the vendor's website.
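To find installations that still need the update, the affected ranges stated above can be checked against an inventory of installed versions. The following is an added example, not part of the original advisory or of phpMyAdmin; the host names and the handling of pre-release suffixes are assumptions.

```python
import re

# Fixed release for each affected branch, as listed in the advisory text.
FIXED = {
    (4, 6): (4, 6, 5),
    (4, 4): (4, 4, 15, 9),
    (4, 0): (4, 0, 10, 18),
}

_VERSION = re.compile(r"^\s*v?(\d+(?:\.\d+){1,3})(.*)$")
_PRERELEASE = re.compile(r"^[-_.]?(alpha|beta|rc|dev)", re.IGNORECASE)


def classify(version_string):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    match = _VERSION.match(version_string)
    if not match:
        return "unparseable"
    version = tuple(int(part) for part in match.group(1).split("."))
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The advisory makes no statement about other branches.
        return "not-listed"
    # Pad with zeros so 4.6.5 and 4.6.5.0 compare equal.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    # Assumption: a pre-release of the fixed version (e.g. 4.6.5-rc1) is
    # treated as affected, since it predates the final fixed release.
    prerelease = bool(_PRERELEASE.match(match.group(2)))
    if version < fixed or (version == fixed and prerelease):
        return "affected"
    return "fixed"


def audit(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = {
    "db-admin-01": "4.6.4",
    "db-admin-02": "4.4.15.9",
    "legacy-03": "4.0.10.17",
    "staging-04": "4.5.2",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Distribution packages may carry backported fixes under an older version number, so an "affected" result for a packaged install should be confirmed against the distribution's own advisory.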
