Fluid Attacks Database

Description

phpMyAdmin server-side request forgery (SSRF) The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=4.6.0 <4.6.6 \|\| >=4.4.0 <4.4.15.10 \|\| >=0 <4.0.10.19	4.6.6, 4.4.15.10, 4.0.10.19
debian 13	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1
debian 12	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1
debian 11	phpmyadmin	>=0 <4:4.6.6-1	4:4.6.6-1

Aliases

1. CVE-2016-66212. NVD-2016-66213. OSV-2016-66214. OSV-DEBIAN-2016-66215. GCVE-2016-66216. lists.debian.org7. SECURITY-TRACKER-CVE-2016-6621

References

1. https://www.phpmyadmin.net/security/PMASA-2016-44