What is the severity of CVE-2016-9860?

CVE-2016-9860 has a severity rating of medium, as it allows for denial of service attacks by unauthenticated users.

How do I fix CVE-2016-9860?

To fix CVE-2016-9860, update phpMyAdmin to version 4.6.5 or later, or apply the appropriate security patch.

What versions of phpMyAdmin are affected by CVE-2016-9860?

CVE-2016-9860 affects phpMyAdmin versions 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18.

Is CVE-2016-9860 remote exploitable?

Yes, CVE-2016-9860 can be exploited remotely by an unauthenticated user to execute a denial of service attack.

What should I do if I can't update phpMyAdmin to fix CVE-2016-9860?

If unable to update phpMyAdmin, ensure that the configuration does not allow arbitrary server connections by setting $cfg['AllowArbitraryServer'] to false.

Vulnerability/
CVE-2016-9860

medium

5.9

CWE

11/12/2016

17/5/2022

6/8/2024

CVE-2016-9860: Input Validation

First published: Sun Dec 11 2016(Updated: )

An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/phpmyadmin/phpmyadmin	>=4.0<4.0.10.18	4.0.10.18
composer/phpmyadmin/phpmyadmin	>=4.4<4.4.15.9	4.4.15.9
composer/phpmyadmin/phpmyadmin	>=4.6<4.6.5	4.6.5
PhpMyAdmin	=4.6.0
PhpMyAdmin	=4.6.1
PhpMyAdmin	=4.6.2
PhpMyAdmin	=4.6.3
PhpMyAdmin	=4.6.4
PhpMyAdmin	=4.0.0
PhpMyAdmin	=4.0.1
PhpMyAdmin	=4.0.2
PhpMyAdmin	=4.0.3
PhpMyAdmin	=4.0.4
PhpMyAdmin	=4.0.4.1
PhpMyAdmin	=4.0.4.2
PhpMyAdmin	=4.0.5
PhpMyAdmin	=4.0.6
PhpMyAdmin	=4.0.7
PhpMyAdmin	=4.0.8
PhpMyAdmin	=4.0.9
PhpMyAdmin	=4.0.10
PhpMyAdmin	=4.0.10.1
PhpMyAdmin	=4.0.10.2
PhpMyAdmin	=4.0.10.3
PhpMyAdmin	=4.0.10.4
PhpMyAdmin	=4.0.10.5
PhpMyAdmin	=4.0.10.6
PhpMyAdmin	=4.0.10.7
PhpMyAdmin	=4.0.10.8
PhpMyAdmin	=4.0.10.9
PhpMyAdmin	=4.0.10.10
PhpMyAdmin	=4.0.10.11
PhpMyAdmin	=4.0.10.12
PhpMyAdmin	=4.0.10.13
PhpMyAdmin	=4.0.10.14
PhpMyAdmin	=4.0.10.15
PhpMyAdmin	=4.0.10.16
PhpMyAdmin	=4.0.10.17
PhpMyAdmin	=4.4.0
PhpMyAdmin	=4.4.1
PhpMyAdmin	=4.4.1.1
PhpMyAdmin	=4.4.2
PhpMyAdmin	=4.4.3
PhpMyAdmin	=4.4.4
PhpMyAdmin	=4.4.5
PhpMyAdmin	=4.4.6
PhpMyAdmin	=4.4.6.1
PhpMyAdmin	=4.4.7
PhpMyAdmin	=4.4.8
PhpMyAdmin	=4.4.9
PhpMyAdmin	=4.4.10
PhpMyAdmin	=4.4.11
PhpMyAdmin	=4.4.12
PhpMyAdmin	=4.4.13
PhpMyAdmin	=4.4.13.1
PhpMyAdmin	=4.4.14
PhpMyAdmin	=4.4.14.1
PhpMyAdmin	=4.4.15
PhpMyAdmin	=4.4.15.1
PhpMyAdmin	=4.4.15.2
PhpMyAdmin	=4.4.15.3
PhpMyAdmin	=4.4.15.4
PhpMyAdmin	=4.4.15.5
PhpMyAdmin	=4.4.15.6
PhpMyAdmin	=4.4.15.7
PhpMyAdmin	=4.4.15.8

Remedy

https://www.phpmyadmin.net/security/PMASA-2016-65

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9860?
CVE-2016-9860 has a severity rating of medium, as it allows for denial of service attacks by unauthenticated users.
How do I fix CVE-2016-9860?
To fix CVE-2016-9860, update phpMyAdmin to version 4.6.5 or later, or apply the appropriate security patch.
What versions of phpMyAdmin are affected by CVE-2016-9860?
CVE-2016-9860 affects phpMyAdmin versions 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18.
Is CVE-2016-9860 remote exploitable?
Yes, CVE-2016-9860 can be exploited remotely by an unauthenticated user to execute a denial of service attack.
What should I do if I can't update phpMyAdmin to fix CVE-2016-9860?
If unable to update phpMyAdmin, ensure that the configuration does not allow arbitrary server connections by setting $cfg['AllowArbitraryServer'] to false.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-3hw5-fffc-qrg4
alias/CVE-2016-9860
agent/software-canonical-lookup
agent/remedy
agent/severity
agent/references
agent/weakness
agent/description
agent/author
agent/softwarecombine
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/composer
vendor/phpmyadmin
canonical/phpmyadmin
version/phpmyadmin/4.6.0
version/phpmyadmin/4.6.1
version/phpmyadmin/4.6.2
version/phpmyadmin/4.6.3
version/phpmyadmin/4.6.4
version/phpmyadmin/4.0.0
version/phpmyadmin/4.0.1
version/phpmyadmin/4.0.2
version/phpmyadmin/4.0.3
version/phpmyadmin/4.0.4
version/phpmyadmin/4.0.4.1
version/phpmyadmin/4.0.4.2
version/phpmyadmin/4.0.5
version/phpmyadmin/4.0.6
version/phpmyadmin/4.0.7
version/phpmyadmin/4.0.8
version/phpmyadmin/4.0.9
version/phpmyadmin/4.0.10
version/phpmyadmin/4.0.10.1
version/phpmyadmin/4.0.10.2
version/phpmyadmin/4.0.10.3
version/phpmyadmin/4.0.10.4
version/phpmyadmin/4.0.10.5
version/phpmyadmin/4.0.10.6
version/phpmyadmin/4.0.10.7
version/phpmyadmin/4.0.10.8
version/phpmyadmin/4.0.10.9
version/phpmyadmin/4.0.10.10
version/phpmyadmin/4.0.10.11
version/phpmyadmin/4.0.10.12
version/phpmyadmin/4.0.10.13
version/phpmyadmin/4.0.10.14
version/phpmyadmin/4.0.10.15
version/phpmyadmin/4.0.10.16
version/phpmyadmin/4.0.10.17
version/phpmyadmin/4.4.0
version/phpmyadmin/4.4.1
version/phpmyadmin/4.4.1.1
version/phpmyadmin/4.4.2
version/phpmyadmin/4.4.3
version/phpmyadmin/4.4.4
version/phpmyadmin/4.4.5
version/phpmyadmin/4.4.6
version/phpmyadmin/4.4.6.1
version/phpmyadmin/4.4.7
version/phpmyadmin/4.4.8
version/phpmyadmin/4.4.9
version/phpmyadmin/4.4.10
version/phpmyadmin/4.4.11
version/phpmyadmin/4.4.12
version/phpmyadmin/4.4.13
version/phpmyadmin/4.4.13.1
version/phpmyadmin/4.4.14
version/phpmyadmin/4.4.14.1
version/phpmyadmin/4.4.15
version/phpmyadmin/4.4.15.1
version/phpmyadmin/4.4.15.2
version/phpmyadmin/4.4.15.3
version/phpmyadmin/4.4.15.4
version/phpmyadmin/4.4.15.5
version/phpmyadmin/4.4.15.6
version/phpmyadmin/4.4.15.7
version/phpmyadmin/4.4.15.8