Fluid Attacks Database

Description

phpMyAdmin XSS Vulnerability An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=4.6 <4.6.5 \|\| >=4.4 <4.4.15.9 \|\| >=4.0 <4.0.10.18	4.6.5, 4.4.15.9, 4.0.10.18
alpine v3.2	phpmyadmin	=3.3.10-r0 \|\| =3.3.10-r1 \|\| =3.3.10-r2 \|\| =3.4.11.1-r0 \|\| =3.4.9-r0 \|\| =4.0.0-r0 \|\| =4.0.1-r0 \|\| =4.0.10-r0 \|\| =4.0.2-r0 \|\| =4.0.3-r0 \|\| =4.0.4.1-r0 \|\| =4.0.4.2-r0 \|\| =4.0.5-r0 \|\| =4.0.6-r0 \|\| =4.0.7-r0 \|\| =4.0.8-r0 \|\| =4.0.8-r1 \|\| =4.0.8-r2 \|\| =4.0.9-r0 \|\| =4.1.11-r0 \|\| =4.1.12-r0 \|\| =4.1.13-r0 \|\| =4.1.14-r0 \|\| =4.1.4-r0 \|\| =4.1.5-r0 \|\| =4.1.6-r0 \|\| =4.1.7-r0 \|\| =4.1.8-r0 \|\| =4.1.9-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.10-r0 \|\| =4.2.10.1-r0 \|\| =4.2.11-r0 \|\| =4.2.12-r0 \|\| =4.2.13.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.2.6-r0 \|\| =4.2.7-r0 \|\| =4.2.7.1-r0 \|\| =4.2.8-r0 \|\| =4.2.8.1-r0 \|\| =4.2.9-r0 \|\| =4.2.9.1-r0 \|\| =4.3.0-r0 \|\| =4.3.1-r0 \|\| =4.3.10-r0 \|\| =4.3.11.1-r0 \|\| =4.3.12-r0 \|\| =4.3.13-r0 \|\| =4.3.3-r0 \|\| =4.3.4-r0 \|\| =4.3.5-r0 \|\| =4.3.7-r0 \|\| =4.3.8-r0 \|\| =4.3.9-r0 \|\| =4.4.1.1-r0 \|\| =4.4.15-r0 \|\| =4.4.15.1-r0 \|\| =4.4.15.4-r0 \|\| =4.4.15.7-r0 \|\| =4.4.15.8-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| >=0 <4.4.15.9-r0	4.4.15.9-r0
debian 11	phpmyadmin	>=0 <4:4.6.5.1-1	4:4.6.5.1-1
debian 12	phpmyadmin	>=0 <4:4.6.5.1-1	4:4.6.5.1-1
debian 13	phpmyadmin	>=0 <4:4.6.5.1-1	4:4.6.5.1-1
alpine v3.4	phpmyadmin	=3.3.10-r0 \|\| =3.3.10-r1 \|\| =3.3.10-r2 \|\| =3.4.11.1-r0 \|\| =3.4.9-r0 \|\| =4.0.0-r0 \|\| =4.0.1-r0 \|\| =4.0.10-r0 \|\| =4.0.2-r0 \|\| =4.0.3-r0 \|\| =4.0.4.1-r0 \|\| =4.0.4.2-r0 \|\| =4.0.5-r0 \|\| =4.0.6-r0 \|\| =4.0.7-r0 \|\| =4.0.8-r0 \|\| =4.0.8-r1 \|\| =4.0.8-r2 \|\| =4.0.9-r0 \|\| =4.1.11-r0 \|\| =4.1.12-r0 \|\| =4.1.13-r0 \|\| =4.1.14-r0 \|\| =4.1.4-r0 \|\| =4.1.5-r0 \|\| =4.1.6-r0 \|\| =4.1.7-r0 \|\| =4.1.8-r0 \|\| =4.1.9-r0 \|\| =4.2.0-r0 \|\| =4.2.1-r0 \|\| =4.2.10-r0 \|\| =4.2.10.1-r0 \|\| =4.2.11-r0 \|\| =4.2.12-r0 \|\| =4.2.13.1-r0 \|\| =4.2.2-r0 \|\| =4.2.3-r0 \|\| =4.2.4-r0 \|\| =4.2.5-r0 \|\| =4.2.6-r0 \|\| =4.2.7-r0 \|\| =4.2.7.1-r0 \|\| =4.2.8-r0 \|\| =4.2.8.1-r0 \|\| =4.2.9-r0 \|\| =4.2.9.1-r0 \|\| =4.3.0-r0 \|\| =4.3.1-r0 \|\| =4.3.10-r0 \|\| =4.3.11.1-r0 \|\| =4.3.12-r0 \|\| =4.3.13-r0 \|\| =4.3.3-r0 \|\| =4.3.4-r0 \|\| =4.3.5-r0 \|\| =4.3.7-r0 \|\| =4.3.8-r0 \|\| =4.3.9-r0 \|\| =4.4.1.1-r0 \|\| =4.4.10-r0 \|\| =4.4.12-r0 \|\| =4.4.15-r0 \|\| =4.4.3-r0 \|\| =4.4.4-r0 \|\| =4.4.5-r0 \|\| =4.4.7-r0 \|\| =4.4.9-r0 \|\| =4.5.0.2-r0 \|\| =4.5.1-r0 \|\| =4.5.4-r0 \|\| =4.5.4.1-r0 \|\| =4.5.5-r0 \|\| =4.5.5.1-r0 \|\| =4.6.0-r0 \|\| =4.6.0-r1 \|\| =4.6.1-r0 \|\| =4.6.2-r0 \|\| =4.6.3-r0 \|\| =4.6.4-r0 \|\| >=0 <4.6.5.2-r0	4.6.5.2-r0

Aliases

1. CVE-2016-98562. NVD-2016-98563. OSV-2016-98564. OSV-ALPINE-2016-98565. OSV-DEBIAN-2016-98566. GCVE-2016-98567. security.gentoo.org8. SECURITY-CVE-2016-98569. SECURITY-TRACKER-CVE-2016-9856

References

1. https://web.archive.org/web/20210123194716/http://www.securityfocus.com/bid/945302. https://www.phpmyadmin.net/security/PMASA-2016-64