CVE-2016-6632
First published: Sun Dec 11 2016(Updated: )
An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/phpmyadmin/phpmyadmin | >=4.0<4.0.10.17 | 4.0.10.17 |
| composer/phpmyadmin/phpmyadmin | >=4.4<4.4.15.8 | 4.4.15.8 |
| composer/phpmyadmin/phpmyadmin | >=4.6<4.6.4 | 4.6.4 |
| PhpMyAdmin | =4.6.0 | |
| PhpMyAdmin | =4.6.1 | |
| PhpMyAdmin | =4.6.2 | |
| PhpMyAdmin | =4.6.3 | |
| PhpMyAdmin | =4.0.0 | |
| PhpMyAdmin | =4.0.1 | |
| PhpMyAdmin | =4.0.2 | |
| PhpMyAdmin | =4.0.3 | |
| PhpMyAdmin | =4.0.4 | |
| PhpMyAdmin | =4.0.4.1 | |
| PhpMyAdmin | =4.0.4.2 | |
| PhpMyAdmin | =4.0.5 | |
| PhpMyAdmin | =4.0.6 | |
| PhpMyAdmin | =4.0.7 | |
| PhpMyAdmin | =4.0.8 | |
| PhpMyAdmin | =4.0.9 | |
| PhpMyAdmin | =4.0.10 | |
| PhpMyAdmin | =4.0.10.1 | |
| PhpMyAdmin | =4.0.10.2 | |
| PhpMyAdmin | =4.0.10.3 | |
| PhpMyAdmin | =4.0.10.4 | |
| PhpMyAdmin | =4.0.10.5 | |
| PhpMyAdmin | =4.0.10.6 | |
| PhpMyAdmin | =4.0.10.7 | |
| PhpMyAdmin | =4.0.10.8 | |
| PhpMyAdmin | =4.0.10.9 | |
| PhpMyAdmin | =4.0.10.10 | |
| PhpMyAdmin | =4.0.10.11 | |
| PhpMyAdmin | =4.0.10.12 | |
| PhpMyAdmin | =4.0.10.13 | |
| PhpMyAdmin | =4.0.10.14 | |
| PhpMyAdmin | =4.0.10.15 | |
| PhpMyAdmin | =4.0.10.16 | |
| PhpMyAdmin | =4.4.0 | |
| PhpMyAdmin | =4.4.1 | |
| PhpMyAdmin | =4.4.1.1 | |
| PhpMyAdmin | =4.4.2 | |
| PhpMyAdmin | =4.4.3 | |
| PhpMyAdmin | =4.4.4 | |
| PhpMyAdmin | =4.4.5 | |
| PhpMyAdmin | =4.4.6 | |
| PhpMyAdmin | =4.4.6.1 | |
| PhpMyAdmin | =4.4.7 | |
| PhpMyAdmin | =4.4.8 | |
| PhpMyAdmin | =4.4.9 | |
| PhpMyAdmin | =4.4.10 | |
| PhpMyAdmin | =4.4.11 | |
| PhpMyAdmin | =4.4.12 | |
| PhpMyAdmin | =4.4.13 | |
| PhpMyAdmin | =4.4.13.1 | |
| PhpMyAdmin | =4.4.14 | |
| PhpMyAdmin | =4.4.14.1 | |
| PhpMyAdmin | =4.4.15 | |
| PhpMyAdmin | =4.4.15.1 | |
| PhpMyAdmin | =4.4.15.2 | |
| PhpMyAdmin | =4.4.15.3 | |
| PhpMyAdmin | =4.4.15.4 | |
| PhpMyAdmin | =4.4.15.5 | |
| PhpMyAdmin | =4.4.15.6 | |
| PhpMyAdmin | =4.4.15.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/92497
- https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
- https://security.gentoo.org/glsa/201701-32
- https://www.phpmyadmin.net/security/PMASA-2016-55
- https://nvd.nist.gov/vuln/detail/CVE-2016-6632
- https://github.com/advisories/GHSA-426q-975p-w5cr (Advisory)
Frequently Asked Questions
What is the severity of CVE-2016-6632?
CVE-2016-6632 has been classified as a medium severity vulnerability.
How do I fix CVE-2016-6632?
To fix CVE-2016-6632, update phpMyAdmin to version 4.6.4 or later, or 4.4.15.8 or later, or 4.0.10.17 or later.
What versions are affected by CVE-2016-6632?
CVE-2016-6632 affects phpMyAdmin versions 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8, and 4.0.x prior to 4.0.10.17.
What kind of issue does CVE-2016-6632 represent?
CVE-2016-6632 represents an issue where temporary files may not be deleted during the import of ESRI files.
Can CVE-2016-6632 be exploited remotely?
Yes, CVE-2016-6632 can potentially be exploited remotely if the affected versions of phpMyAdmin are exposed to the internet.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-426q-975p-w5cr
- alias/CVE-2016-6632
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/composer
- vendor/phpmyadmin
- canonical/phpmyadmin
- version/phpmyadmin/4.6.0
- version/phpmyadmin/4.6.1
- version/phpmyadmin/4.6.2
- version/phpmyadmin/4.6.3
- version/phpmyadmin/4.0.0
- version/phpmyadmin/4.0.1
- version/phpmyadmin/4.0.2
- version/phpmyadmin/4.0.3
- version/phpmyadmin/4.0.4
- version/phpmyadmin/4.0.4.1
- version/phpmyadmin/4.0.4.2
- version/phpmyadmin/4.0.5
- version/phpmyadmin/4.0.6
- version/phpmyadmin/4.0.7
- version/phpmyadmin/4.0.8
- version/phpmyadmin/4.0.9
- version/phpmyadmin/4.0.10
- version/phpmyadmin/4.0.10.1
- version/phpmyadmin/4.0.10.2
- version/phpmyadmin/4.0.10.3
- version/phpmyadmin/4.0.10.4
- version/phpmyadmin/4.0.10.5
- version/phpmyadmin/4.0.10.6
- version/phpmyadmin/4.0.10.7
- version/phpmyadmin/4.0.10.8
- version/phpmyadmin/4.0.10.9
- version/phpmyadmin/4.0.10.10
- version/phpmyadmin/4.0.10.11
- version/phpmyadmin/4.0.10.12
- version/phpmyadmin/4.0.10.13
- version/phpmyadmin/4.0.10.14
- version/phpmyadmin/4.0.10.15
- version/phpmyadmin/4.0.10.16
- version/phpmyadmin/4.4.0
- version/phpmyadmin/4.4.1
- version/phpmyadmin/4.4.1.1
- version/phpmyadmin/4.4.2
- version/phpmyadmin/4.4.3
- version/phpmyadmin/4.4.4
- version/phpmyadmin/4.4.5
- version/phpmyadmin/4.4.6
- version/phpmyadmin/4.4.6.1
- version/phpmyadmin/4.4.7
- version/phpmyadmin/4.4.8
- version/phpmyadmin/4.4.9
- version/phpmyadmin/4.4.10
- version/phpmyadmin/4.4.11
- version/phpmyadmin/4.4.12
- version/phpmyadmin/4.4.13
- version/phpmyadmin/4.4.13.1
- version/phpmyadmin/4.4.14
- version/phpmyadmin/4.4.14.1
- version/phpmyadmin/4.4.15
- version/phpmyadmin/4.4.15.1
- version/phpmyadmin/4.4.15.2
- version/phpmyadmin/4.4.15.3
- version/phpmyadmin/4.4.15.4
- version/phpmyadmin/4.4.15.5
- version/phpmyadmin/4.4.15.6
- version/phpmyadmin/4.4.15.7