What is the severity of CVE-2016-6627?

CVE-2016-6627 has a medium severity rating due to its ability to leak information about the phpMyAdmin host location.

How do I fix CVE-2016-6627?

To fix CVE-2016-6627, upgrade phpMyAdmin to version 4.6.4 or later, or 4.4.15.8, or 4.0.10.17 or later.

Which versions of phpMyAdmin are affected by CVE-2016-6627?

All versions of phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17 are affected.

What potential impact does CVE-2016-6627 have on phpMyAdmin?

CVE-2016-6627 may allow an attacker to determine the host location of the phpMyAdmin installation.

Is there a workaround for CVE-2016-6627 if I cannot update phpMyAdmin?

If you cannot update phpMyAdmin, limiting access to the url.php file through server configurations may help mitigate the risk.

Vulnerability/
CVE-2016-6627

medium

5.3

CWE

200

11/12/2016

6/8/2024

CVE-2016-6627: Infoleak

First published: Sun Dec 11 2016(Updated: )

An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
PhpMyAdmin	=4.0.0
PhpMyAdmin	=4.0.1
PhpMyAdmin	=4.0.2
PhpMyAdmin	=4.0.3
PhpMyAdmin	=4.0.4
PhpMyAdmin	=4.0.4.1
PhpMyAdmin	=4.0.4.2
PhpMyAdmin	=4.0.5
PhpMyAdmin	=4.0.6
PhpMyAdmin	=4.0.7
PhpMyAdmin	=4.0.8
PhpMyAdmin	=4.0.9
PhpMyAdmin	=4.0.10
PhpMyAdmin	=4.0.10.1
PhpMyAdmin	=4.0.10.2
PhpMyAdmin	=4.0.10.3
PhpMyAdmin	=4.0.10.4
PhpMyAdmin	=4.0.10.5
PhpMyAdmin	=4.0.10.6
PhpMyAdmin	=4.0.10.7
PhpMyAdmin	=4.0.10.8
PhpMyAdmin	=4.0.10.9
PhpMyAdmin	=4.0.10.10
PhpMyAdmin	=4.0.10.11
PhpMyAdmin	=4.0.10.12
PhpMyAdmin	=4.0.10.13
PhpMyAdmin	=4.0.10.14
PhpMyAdmin	=4.0.10.15
PhpMyAdmin	=4.0.10.16
PhpMyAdmin	=4.4.0
PhpMyAdmin	=4.4.1
PhpMyAdmin	=4.4.1.1
PhpMyAdmin	=4.4.2
PhpMyAdmin	=4.4.3
PhpMyAdmin	=4.4.4
PhpMyAdmin	=4.4.5
PhpMyAdmin	=4.4.6
PhpMyAdmin	=4.4.6.1
PhpMyAdmin	=4.4.7
PhpMyAdmin	=4.4.8
PhpMyAdmin	=4.4.9
PhpMyAdmin	=4.4.10
PhpMyAdmin	=4.4.11
PhpMyAdmin	=4.4.12
PhpMyAdmin	=4.4.13
PhpMyAdmin	=4.4.13.1
PhpMyAdmin	=4.4.14
PhpMyAdmin	=4.4.14.1
PhpMyAdmin	=4.4.15
PhpMyAdmin	=4.4.15.1
PhpMyAdmin	=4.4.15.2
PhpMyAdmin	=4.4.15.3
PhpMyAdmin	=4.4.15.4
PhpMyAdmin	=4.4.15.5
PhpMyAdmin	=4.4.15.6
PhpMyAdmin	=4.4.15.7
PhpMyAdmin	=4.6.0
PhpMyAdmin	=4.6.1
PhpMyAdmin	=4.6.2
PhpMyAdmin	=4.6.3

Remedy

https://www.phpmyadmin.net/security/PMASA-2016-50

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6627?
CVE-2016-6627 has a medium severity rating due to its ability to leak information about the phpMyAdmin host location.
How do I fix CVE-2016-6627?
To fix CVE-2016-6627, upgrade phpMyAdmin to version 4.6.4 or later, or 4.4.15.8, or 4.0.10.17 or later.
Which versions of phpMyAdmin are affected by CVE-2016-6627?
All versions of phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17 are affected.
What potential impact does CVE-2016-6627 have on phpMyAdmin?
CVE-2016-6627 may allow an attacker to determine the host location of the phpMyAdmin installation.
Is there a workaround for CVE-2016-6627 if I cannot update phpMyAdmin?
If you cannot update phpMyAdmin, limiting access to the url.php file through server configurations may help mitigate the risk.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/remedy
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/phpmyadmin
canonical/phpmyadmin
version/phpmyadmin/4.0.0
version/phpmyadmin/4.0.1
version/phpmyadmin/4.0.2
version/phpmyadmin/4.0.3
version/phpmyadmin/4.0.4
version/phpmyadmin/4.0.4.1
version/phpmyadmin/4.0.4.2
version/phpmyadmin/4.0.5
version/phpmyadmin/4.0.6
version/phpmyadmin/4.0.7
version/phpmyadmin/4.0.8
version/phpmyadmin/4.0.9
version/phpmyadmin/4.0.10
version/phpmyadmin/4.0.10.1
version/phpmyadmin/4.0.10.2
version/phpmyadmin/4.0.10.3
version/phpmyadmin/4.0.10.4
version/phpmyadmin/4.0.10.5
version/phpmyadmin/4.0.10.6
version/phpmyadmin/4.0.10.7
version/phpmyadmin/4.0.10.8
version/phpmyadmin/4.0.10.9
version/phpmyadmin/4.0.10.10
version/phpmyadmin/4.0.10.11
version/phpmyadmin/4.0.10.12
version/phpmyadmin/4.0.10.13
version/phpmyadmin/4.0.10.14
version/phpmyadmin/4.0.10.15
version/phpmyadmin/4.0.10.16
version/phpmyadmin/4.4.0
version/phpmyadmin/4.4.1
version/phpmyadmin/4.4.1.1
version/phpmyadmin/4.4.2
version/phpmyadmin/4.4.3
version/phpmyadmin/4.4.4
version/phpmyadmin/4.4.5
version/phpmyadmin/4.4.6
version/phpmyadmin/4.4.6.1
version/phpmyadmin/4.4.7
version/phpmyadmin/4.4.8
version/phpmyadmin/4.4.9
version/phpmyadmin/4.4.10
version/phpmyadmin/4.4.11
version/phpmyadmin/4.4.12
version/phpmyadmin/4.4.13
version/phpmyadmin/4.4.13.1
version/phpmyadmin/4.4.14
version/phpmyadmin/4.4.14.1
version/phpmyadmin/4.4.15
version/phpmyadmin/4.4.15.1
version/phpmyadmin/4.4.15.2
version/phpmyadmin/4.4.15.3
version/phpmyadmin/4.4.15.4
version/phpmyadmin/4.4.15.5
version/phpmyadmin/4.4.15.6
version/phpmyadmin/4.4.15.7
version/phpmyadmin/4.6.0
version/phpmyadmin/4.6.1
version/phpmyadmin/4.6.2
version/phpmyadmin/4.6.3