CVE-2016-6621

Опубликовано: 31 янв. 2017

Источник: nvd

CVSS3: 8.6

CVSS2: 5

EPSS Низкий

Описание

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/95914
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
https://www.phpmyadmin.net/security/PMASA-2016-44/
Vendor Advisory
http://www.securityfocus.com/bid/95914
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html
https://www.phpmyadmin.net/security/PMASA-2016-44/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Версия до 4.0.10.18 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.8:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.9:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*:*:*:*:*:*:*

cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2016-6621

CVSS3: 8.6

ubuntu

больше 8 лет назад

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

CVE-2016-6621

CVSS3: 8.6

debian

больше 8 лет назад

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15. ...

GHSA-44vv-mm86-7cg6

CVSS3: 8.6

github

около 3 лет назад

phpMyAdmin server-side request forgery (SSRF)

openSUSE-SU-2017:0372-1

suse-cvrf

больше 8 лет назад

Security update for phpMyAdmin

openSUSE-SU-2016:2168-1

suse-cvrf

почти 9 лет назад

Security update for phpMyAdmin

EPSS

Процентиль: 55%

0.00328

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918