NVD

Id
22494  
Name
CVE-2016-9864  
Description
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-12-10  
Modified Date
2016-12-23  
Seq
2016-9864  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
119280 22494 CVE-2016-9864 94533  View
119281 22494 CVE-2016-9864 https://www.phpmyadmin.net/security/PMASA-2016-69  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
5450 JVNDB-2016-006223 phpMyAdmin における SQL インジェクションの脆弱性 phpMyAdmin には、control user の特権で起動するトラッキング機能に SQL ステートメントを挿入される脆弱性が存在します。 CVE-2016-9864 96371 CVE-2016-9864 22494 6 7.5 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-006223.html 2016-11-25 2016-12-15 View