CVE-2016-5730: Infoleak
First published: Sun Jul 03 2016(Updated: )
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/phpmyadmin/phpmyadmin | >=4.6<4.6.3 | 4.6.3 |
| composer/phpmyadmin/phpmyadmin | >=4.4<4.4.15.7 | 4.4.15.7 |
| composer/phpmyadmin/phpmyadmin | >=4.0<4.0.10.16 | 4.0.10.16 |
| phpMyAdmin | =4.0.0 | |
| phpMyAdmin | =4.0.1 | |
| phpMyAdmin | =4.0.2 | |
| phpMyAdmin | =4.0.3 | |
| phpMyAdmin | =4.0.4 | |
| phpMyAdmin | =4.0.4.1 | |
| phpMyAdmin | =4.0.4.2 | |
| phpMyAdmin | =4.0.5 | |
| phpMyAdmin | =4.0.6 | |
| phpMyAdmin | =4.0.7 | |
| phpMyAdmin | =4.0.8 | |
| phpMyAdmin | =4.0.9 | |
| phpMyAdmin | =4.0.10 | |
| phpMyAdmin | =4.0.10.1 | |
| phpMyAdmin | =4.0.10.2 | |
| phpMyAdmin | =4.0.10.3 | |
| phpMyAdmin | =4.0.10.4 | |
| phpMyAdmin | =4.0.10.5 | |
| phpMyAdmin | =4.0.10.6 | |
| phpMyAdmin | =4.0.10.7 | |
| phpMyAdmin | =4.0.10.8 | |
| phpMyAdmin | =4.0.10.9 | |
| phpMyAdmin | =4.0.10.10 | |
| phpMyAdmin | =4.0.10.11 | |
| phpMyAdmin | =4.0.10.12 | |
| phpMyAdmin | =4.0.10.13 | |
| phpMyAdmin | =4.0.10.14 | |
| phpMyAdmin | =4.0.10.15 | |
| phpMyAdmin | =4.6.0 | |
| phpMyAdmin | =4.6.0-alpha1 | |
| phpMyAdmin | =4.6.0-rc1 | |
| phpMyAdmin | =4.6.0-rc2 | |
| phpMyAdmin | =4.6.1 | |
| phpMyAdmin | =4.6.2 | |
| SUSE Linux | =42.1 | |
| SUSE Linux | =13.1 | |
| SUSE Linux | =13.2 | |
| phpMyAdmin | =4.4.0 | |
| phpMyAdmin | =4.4.1 | |
| phpMyAdmin | =4.4.1.1 | |
| phpMyAdmin | =4.4.2 | |
| phpMyAdmin | =4.4.3 | |
| phpMyAdmin | =4.4.4 | |
| phpMyAdmin | =4.4.5 | |
| phpMyAdmin | =4.4.6 | |
| phpMyAdmin | =4.4.6.1 | |
| phpMyAdmin | =4.4.7 | |
| phpMyAdmin | =4.4.8 | |
| phpMyAdmin | =4.4.9 | |
| phpMyAdmin | =4.4.10 | |
| phpMyAdmin | =4.4.11 | |
| phpMyAdmin | =4.4.12 | |
| phpMyAdmin | =4.4.13 | |
| phpMyAdmin | =4.4.13.1 | |
| phpMyAdmin | =4.4.14.1 | |
| phpMyAdmin | =4.4.15 | |
| phpMyAdmin | =4.4.15.1 | |
| phpMyAdmin | =4.4.15.2 | |
| phpMyAdmin | =4.4.15.3 | |
| phpMyAdmin | =4.4.15.4 | |
| phpMyAdmin | =4.4.15.5 | |
| phpMyAdmin | =4.4.15.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
- http://www.securityfocus.com/bid/91379
- https://github.com/phpmyadmin/phpmyadmin/commit/27664605b945b13e1d2b71adea822ace2099cc96
- https://github.com/phpmyadmin/phpmyadmin/commit/331c560fbfa0e7d2dce674b5e88e983c5f2a451d
- https://github.com/phpmyadmin/phpmyadmin/commit/96e0aa35653ec0c66084a7e9343465e16c1f769b
- https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7
- https://github.com/phpmyadmin/phpmyadmin/commit/cd229d718e8cb4bc8ba32446beaa82d27727b6f0
- https://security.gentoo.org/glsa/201701-32
- https://www.phpmyadmin.net/security/PMASA-2016-23/
- https://nvd.nist.gov/vuln/detail/CVE-2016-5730
- https://www.phpmyadmin.net/security/PMASA-2016-23
- https://github.com/advisories/GHSA-wm9c-vcv2-vpqc (Advisory)
Frequently Asked Questions
What is the severity of CVE-2016-5730?
CVE-2016-5730 is rated as medium severity due to its potential to expose sensitive information.
How do I fix CVE-2016-5730?
To fix CVE-2016-5730, upgrade to phpMyAdmin versions 4.0.10.16, 4.4.15.7, or 4.6.3 or later.
What versions of phpMyAdmin are affected by CVE-2016-5730?
CVE-2016-5730 affects phpMyAdmin versions 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3.
What vulnerabilities are associated with CVE-2016-5730?
CVE-2016-5730 allows remote attackers to obtain sensitive information due to improper handling of certain data inputs.
Is there a workaround for CVE-2016-5730?
Currently, the best approach for CVE-2016-5730 is to update to the latest versions as there are no recommended workarounds.
- agent/type
- agent/remedy
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wm9c-vcv2-vpqc
- alias/CVE-2016-5730
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/author
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/phpmyadmin
- canonical/phpmyadmin
- version/phpmyadmin/4.0.0
- version/phpmyadmin/4.0.1
- version/phpmyadmin/4.0.2
- version/phpmyadmin/4.0.3
- version/phpmyadmin/4.0.4
- version/phpmyadmin/4.0.4.1
- version/phpmyadmin/4.0.4.2
- version/phpmyadmin/4.0.5
- version/phpmyadmin/4.0.6
- version/phpmyadmin/4.0.7
- version/phpmyadmin/4.0.8
- version/phpmyadmin/4.0.9
- version/phpmyadmin/4.0.10
- version/phpmyadmin/4.0.10.1
- version/phpmyadmin/4.0.10.2
- version/phpmyadmin/4.0.10.3
- version/phpmyadmin/4.0.10.4
- version/phpmyadmin/4.0.10.5
- version/phpmyadmin/4.0.10.6
- version/phpmyadmin/4.0.10.7
- version/phpmyadmin/4.0.10.8
- version/phpmyadmin/4.0.10.9
- version/phpmyadmin/4.0.10.10
- version/phpmyadmin/4.0.10.11
- version/phpmyadmin/4.0.10.12
- version/phpmyadmin/4.0.10.13
- version/phpmyadmin/4.0.10.14
- version/phpmyadmin/4.0.10.15
- version/phpmyadmin/4.6.0
- version/phpmyadmin/4.6.0-alpha1
- version/phpmyadmin/4.6.0-rc1
- version/phpmyadmin/4.6.0-rc2
- version/phpmyadmin/4.6.1
- version/phpmyadmin/4.6.2
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- version/suse linux/13.1
- version/suse linux/13.2
- version/phpmyadmin/4.4.0
- version/phpmyadmin/4.4.1
- version/phpmyadmin/4.4.1.1
- version/phpmyadmin/4.4.2
- version/phpmyadmin/4.4.3
- version/phpmyadmin/4.4.4
- version/phpmyadmin/4.4.5
- version/phpmyadmin/4.4.6
- version/phpmyadmin/4.4.6.1
- version/phpmyadmin/4.4.7
- version/phpmyadmin/4.4.8
- version/phpmyadmin/4.4.9
- version/phpmyadmin/4.4.10
- version/phpmyadmin/4.4.11
- version/phpmyadmin/4.4.12
- version/phpmyadmin/4.4.13
- version/phpmyadmin/4.4.13.1
- version/phpmyadmin/4.4.14.1
- version/phpmyadmin/4.4.15
- version/phpmyadmin/4.4.15.1
- version/phpmyadmin/4.4.15.2
- version/phpmyadmin/4.4.15.3
- version/phpmyadmin/4.4.15.4
- version/phpmyadmin/4.4.15.5
- version/phpmyadmin/4.4.15.6