Main Vulnerability Database Vulnerabilities #VU33622

Information disclosure in phpMyAdmin - CVE-2016-6625

Published: December 11, 2016 / Updated: August 4, 2020

Vulnerability identifier: #VU33622

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-6625

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: phpMyAdmin

Affected software:
phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

How to mitigate CVE-2016-6625

Install update from vendor's website.

Information disclosure in phpMyAdmin - CVE-2016-6625

Detailed vulnerability description

How to mitigate CVE-2016-6625

Sources

Please verify you're human