| Revision Date: | 2022-06-30 | Version: | 1 |
| Title: | CVE-2016-6614 |
| Description: |
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | CVE-2016-6614
Mitre CVE-2016-6614
SUSE CVE-2016-6614
openSUSE-SU-2016:2168-1
openSUSE-SU-2016:2176-1
|
| Platform(s): | openSUSE 13.1
openSUSE 13.2
openSUSE Leap 42.1
openSUSE Tumbleweed
| Product(s): | |
| Definition Synopsis |
| openSUSE 13.1 is installed AND phpMyAdmin-4.4.15.8-63.1 is installed
|
| Definition Synopsis |
| openSUSE 13.2 is installed
AND phpMyAdmin-4.4.15.8-39.1 is installed
|
| Definition Synopsis |
| openSUSE Leap 42.1 is installed
AND Package Information
phpMyAdmin-4.4.15.8-25.1 is installed
AND phpMyAdmin is signed with openSUSE key
|
| Definition Synopsis |
| openSUSE Tumbleweed is installed
AND phpMyAdmin-4.6.5.2-1.1 is installed
|