Arbitrary PHP Command Execution via Specially Crafted Database Name in phpMyAdmin

Arbitrary PHP Command Execution via Specially Crafted Database Name in phpMyAdmin

CVE-2016-6609 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Learn more about our Web Application Penetration Testing UK.