What is the severity of CVE-2016-9856?

CVE-2016-9856 has a medium severity, as it allows for cross-site scripting (XSS) attacks in vulnerable versions of phpMyAdmin.

How do I fix CVE-2016-9856?

To fix CVE-2016-9856, upgrade to phpMyAdmin version 4.6.5 or later, 4.4.15.9 or later, or 4.0.10.18 or later.

Which versions of phpMyAdmin are affected by CVE-2016-9856?

Versions 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18 are all affected by CVE-2016-9856.

What type of vulnerability is CVE-2016-9856?

CVE-2016-9856 is a cross-site scripting (XSS) vulnerability due to improper validation in phpMyAdmin.

When was CVE-2016-9856 discovered?

CVE-2016-9856 was discovered in 2016 as an issue related to a previous fix for another vulnerability.

Vulnerability/
CVE-2016-9856

medium

6.1

CWE

79 362

11/12/2016

17/5/2022

6/8/2024

CVE-2016-9856: XSS

First published: Sun Dec 11 2016(Updated: )

An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
composer/phpmyadmin/phpmyadmin	>=4.0<4.0.10.18	4.0.10.18
composer/phpmyadmin/phpmyadmin	>=4.4<4.4.15.9	4.4.15.9
composer/phpmyadmin/phpmyadmin	>=4.6<4.6.5	4.6.5
PhpMyAdmin	=4.0.0
PhpMyAdmin	=4.0.1
PhpMyAdmin	=4.0.2
PhpMyAdmin	=4.0.3
PhpMyAdmin	=4.0.4
PhpMyAdmin	=4.0.4.1
PhpMyAdmin	=4.0.4.2
PhpMyAdmin	=4.0.5
PhpMyAdmin	=4.0.6
PhpMyAdmin	=4.0.7
PhpMyAdmin	=4.0.8
PhpMyAdmin	=4.0.9
PhpMyAdmin	=4.0.10
PhpMyAdmin	=4.0.10.1
PhpMyAdmin	=4.0.10.2
PhpMyAdmin	=4.0.10.3
PhpMyAdmin	=4.0.10.4
PhpMyAdmin	=4.0.10.5
PhpMyAdmin	=4.0.10.6
PhpMyAdmin	=4.0.10.7
PhpMyAdmin	=4.0.10.8
PhpMyAdmin	=4.0.10.9
PhpMyAdmin	=4.0.10.10
PhpMyAdmin	=4.0.10.11
PhpMyAdmin	=4.0.10.12
PhpMyAdmin	=4.0.10.13
PhpMyAdmin	=4.0.10.14
PhpMyAdmin	=4.0.10.15
PhpMyAdmin	=4.0.10.16
PhpMyAdmin	=4.0.10.17
PhpMyAdmin	=4.6.0
PhpMyAdmin	=4.6.1
PhpMyAdmin	=4.6.2
PhpMyAdmin	=4.6.3
PhpMyAdmin	=4.6.4
PhpMyAdmin	=4.4.0
PhpMyAdmin	=4.4.1
PhpMyAdmin	=4.4.1.1
PhpMyAdmin	=4.4.2
PhpMyAdmin	=4.4.3
PhpMyAdmin	=4.4.4
PhpMyAdmin	=4.4.5
PhpMyAdmin	=4.4.6
PhpMyAdmin	=4.4.6.1
PhpMyAdmin	=4.4.7
PhpMyAdmin	=4.4.8
PhpMyAdmin	=4.4.9
PhpMyAdmin	=4.4.10
PhpMyAdmin	=4.4.11
PhpMyAdmin	=4.4.12
PhpMyAdmin	=4.4.13
PhpMyAdmin	=4.4.13.1
PhpMyAdmin	=4.4.14
PhpMyAdmin	=4.4.14.1
PhpMyAdmin	=4.4.15
PhpMyAdmin	=4.4.15.1
PhpMyAdmin	=4.4.15.2
PhpMyAdmin	=4.4.15.3
PhpMyAdmin	=4.4.15.4
PhpMyAdmin	=4.4.15.5
PhpMyAdmin	=4.4.15.6
PhpMyAdmin	=4.4.15.7
PhpMyAdmin	=4.4.15.8

Remedy

https://www.phpmyadmin.net/security/PMASA-2016-64

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9856?
CVE-2016-9856 has a medium severity, as it allows for cross-site scripting (XSS) attacks in vulnerable versions of phpMyAdmin.
How do I fix CVE-2016-9856?
To fix CVE-2016-9856, upgrade to phpMyAdmin version 4.6.5 or later, 4.4.15.9 or later, or 4.0.10.18 or later.
Which versions of phpMyAdmin are affected by CVE-2016-9856?
Versions 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18 are all affected by CVE-2016-9856.
What type of vulnerability is CVE-2016-9856?
CVE-2016-9856 is a cross-site scripting (XSS) vulnerability due to improper validation in phpMyAdmin.
When was CVE-2016-9856 discovered?
CVE-2016-9856 was discovered in 2016 as an issue related to a previous fix for another vulnerability.

collector/github-advisory
alias/GHSA-j8mx-x32r-5rf4
alias/CVE-2016-9856
collector/github-advisory-latest
agent/weakness
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/composer
vendor/phpmyadmin
canonical/phpmyadmin
version/phpmyadmin/4.0.0
version/phpmyadmin/4.0.1
version/phpmyadmin/4.0.2
version/phpmyadmin/4.0.3
version/phpmyadmin/4.0.4
version/phpmyadmin/4.0.4.1
version/phpmyadmin/4.0.4.2
version/phpmyadmin/4.0.5
version/phpmyadmin/4.0.6
version/phpmyadmin/4.0.7
version/phpmyadmin/4.0.8
version/phpmyadmin/4.0.9
version/phpmyadmin/4.0.10
version/phpmyadmin/4.0.10.1
version/phpmyadmin/4.0.10.2
version/phpmyadmin/4.0.10.3
version/phpmyadmin/4.0.10.4
version/phpmyadmin/4.0.10.5
version/phpmyadmin/4.0.10.6
version/phpmyadmin/4.0.10.7
version/phpmyadmin/4.0.10.8
version/phpmyadmin/4.0.10.9
version/phpmyadmin/4.0.10.10
version/phpmyadmin/4.0.10.11
version/phpmyadmin/4.0.10.12
version/phpmyadmin/4.0.10.13
version/phpmyadmin/4.0.10.14
version/phpmyadmin/4.0.10.15
version/phpmyadmin/4.0.10.16
version/phpmyadmin/4.0.10.17
version/phpmyadmin/4.6.0
version/phpmyadmin/4.6.1
version/phpmyadmin/4.6.2
version/phpmyadmin/4.6.3
version/phpmyadmin/4.6.4
version/phpmyadmin/4.4.0
version/phpmyadmin/4.4.1
version/phpmyadmin/4.4.1.1
version/phpmyadmin/4.4.2
version/phpmyadmin/4.4.3
version/phpmyadmin/4.4.4
version/phpmyadmin/4.4.5
version/phpmyadmin/4.4.6
version/phpmyadmin/4.4.6.1
version/phpmyadmin/4.4.7
version/phpmyadmin/4.4.8
version/phpmyadmin/4.4.9
version/phpmyadmin/4.4.10
version/phpmyadmin/4.4.11
version/phpmyadmin/4.4.12
version/phpmyadmin/4.4.13
version/phpmyadmin/4.4.13.1
version/phpmyadmin/4.4.14
version/phpmyadmin/4.4.14.1
version/phpmyadmin/4.4.15
version/phpmyadmin/4.4.15.1
version/phpmyadmin/4.4.15.2
version/phpmyadmin/4.4.15.3
version/phpmyadmin/4.4.15.4
version/phpmyadmin/4.4.15.5
version/phpmyadmin/4.4.15.6
version/phpmyadmin/4.4.15.7
version/phpmyadmin/4.4.15.8