Input validation error in phpMyAdmin - CVE-2016-6630
Published: December 11, 2016 / Updated: August 4, 2020
Vulnerability identifier: #VU33627
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6630
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: phpMyAdmin
Affected software:
phpMyAdmin
phpMyAdmin
Detailed vulnerability description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
How to mitigate CVE-2016-6630
Install update from vendor's website.