01 Juil 2016

CVE-2016-5703 Vulnerability

Publié par . Publié dans SQL Injection

SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. (CVSS:7.5) (Last Update:2016-07-14)

Vulnerability Details :

- CVSS Scores & Vulnerability Types

CVSS Score	7.5
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Execute CodeSql Injection
CWE ID	89

- Products Affected By CVE-2016-5703

#	Product Type	Vendor	Product	Version	Update
1	OS	Novell	Leap	42.1		Version Details Vulnerabilities
2	OS	Novell	Opensuse	13.1		Version Details Vulnerabilities
3	OS	Novell	Opensuse	13.2		Version Details Vulnerabilities
4	Application	Phpmyadmin	Phpmyadmin	4.4.0		Version Details Vulnerabilities
5	Application	Phpmyadmin	Phpmyadmin	4.4.1		Version Details Vulnerabilities
6	Application	Phpmyadmin	Phpmyadmin	4.4.1.1		Version Details Vulnerabilities
7	Application	Phpmyadmin	Phpmyadmin	4.4.2		Version Details Vulnerabilities
8	Application	Phpmyadmin	Phpmyadmin	4.4.3		Version Details Vulnerabilities
9	Application	Phpmyadmin	Phpmyadmin	4.4.4		Version Details Vulnerabilities
10	Application	Phpmyadmin	Phpmyadmin	4.4.5		Version Details Vulnerabilities
11	Application	Phpmyadmin	Phpmyadmin	4.4.6		Version Details Vulnerabilities
12	Application	Phpmyadmin	Phpmyadmin	4.4.6.1		Version Details Vulnerabilities
13	Application	Phpmyadmin	Phpmyadmin	4.4.7		Version Details Vulnerabilities
14	Application	Phpmyadmin	Phpmyadmin	4.4.8		Version Details Vulnerabilities
15	Application	Phpmyadmin	Phpmyadmin	4.4.9		Version Details Vulnerabilities
16	Application	Phpmyadmin	Phpmyadmin	4.4.10		Version Details Vulnerabilities
17	Application	Phpmyadmin	Phpmyadmin	4.4.11		Version Details Vulnerabilities
18	Application	Phpmyadmin	Phpmyadmin	4.4.12		Version Details Vulnerabilities
19	Application	Phpmyadmin	Phpmyadmin	4.4.13		Version Details Vulnerabilities
20	Application	Phpmyadmin	Phpmyadmin	4.4.13.1		Version Details Vulnerabilities
21	Application	Phpmyadmin	Phpmyadmin	4.4.14.1		Version Details Vulnerabilities
22	Application	Phpmyadmin	Phpmyadmin	4.4.15		Version Details Vulnerabilities
23	Application	Phpmyadmin	Phpmyadmin	4.4.15.1		Version Details Vulnerabilities
24	Application	Phpmyadmin	Phpmyadmin	4.4.15.2		Version Details Vulnerabilities
25	Application	Phpmyadmin	Phpmyadmin	4.4.15.3		Version Details Vulnerabilities
26	Application	Phpmyadmin	Phpmyadmin	4.4.15.4		Version Details Vulnerabilities
27	Application	Phpmyadmin	Phpmyadmin	4.4.15.5		Version Details Vulnerabilities
28	Application	Phpmyadmin	Phpmyadmin	4.4.15.6		Version Details Vulnerabilities
29	Application	Phpmyadmin	Phpmyadmin	4.6.0		Version Details Vulnerabilities
30	Application	Phpmyadmin	Phpmyadmin	4.6.0	RC2	Version Details Vulnerabilities
31	Application	Phpmyadmin	Phpmyadmin	4.6.0	RC1	Version Details Vulnerabilities
32	Application	Phpmyadmin	Phpmyadmin	4.6.0	Alpha1	Version Details Vulnerabilities
33	Application	Phpmyadmin	Phpmyadmin	4.6.1		Version Details Vulnerabilities
34	Application	Phpmyadmin	Phpmyadmin	4.6.2		Version Details Vulnerabilities