Main Vulnerability Database Vulnerabilities #VU33624

Information disclosure in phpMyAdmin - CVE-2016-6627

Published: December 11, 2016 / Updated: August 4, 2020

Vulnerability identifier: #VU33624

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-6627

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: phpMyAdmin

Affected software:
phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

How to mitigate CVE-2016-6627

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/92494
https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
https://security.gentoo.org/glsa/201701-32
https://www.phpmyadmin.net/security/PMASA-2016-50

Information disclosure in phpMyAdmin - CVE-2016-6627

Detailed vulnerability description

How to mitigate CVE-2016-6627

Sources

Please verify you're human