VDB
GCVE-110-MAGEIA-2016-240
GCVE-110-MAGEIA-2016-240
Advisory Published
In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows
a BBCode injection to setup script in case it's not accessed on https
(CVE-2016-5701).
In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows
an SQL injection attack to run arbitrary commands as the control user
(CVE-2016-5703).
In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were discovered in the
user privileges page, the error console, and the central columns, query
bookmarks, and user groups features (CVE-2016-5705).
In phpMyAdmin before 4.4.15.7, a Denial Of Service (DOS) attack was
discovered in the way phpMyAdmin loads some JavaScript files
(CVE-2016-5706).
In phpMyAdmin before 4.4.15.7, by specially crafting requests in the
following areas, it is possible to trigger phpMyAdmin to display a PHP
error message which contains the full path of the directory where
phpMyAdmin is installed (CVE-2016-5730).
In phpMyAdmin before 4.4.15.7, with a specially crafted request, it is
possible to trigger an XSS attack through the example OpenID
authentication script (CVE-2016-5731).
In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were found through
specially crafted databases, in AJAX error handling, and in the
Transformation, Designer, charts, and zoom search features
(CVE-2016-5733).
In phpMyAdmin before 4.4.15.7, a vulnerability was reported where a
specially crafted Transformation could be used to leak information
including the authentication token. This could be used to direct a CSRF
attack against a user (CVE-2016-5739).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | phpmyadmin | 0 (affected), 4.4.15.7-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.