fkie_cve-2016-2560
Vulnerability from fkie_nvd
Published
2016-03-01 11:59
Modified
2025-04-12 10:46
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3627
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682ccPatch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675fPatch
cve@mitre.orghttps://www.phpmyadmin.net/security/PMASA-2016-11/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3627
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682ccPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675fPatch
af854a3a-2127-422b-91ae-364da2661108https://www.phpmyadmin.net/security/PMASA-2016-11/Patch, Vendor Advisory
Impacted products
Vendor Product Version
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.5.3.1
phpmyadmin phpmyadmin 4.5.4
phpmyadmin phpmyadmin 4.5.4.1
phpmyadmin phpmyadmin 4.5.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F06DC95-76B1-4E24-A55F-1358A25ED0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA76CB4-6167-446A-8D4F-6D5B38046334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D28655-7F37-474D-A4E2-772AF24B94E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA1951E-BD85-42BF-BF7F-79A14D165914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D08BEE8-5ACF-438D-9F06-86C6227C9A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58DD0910-DBBA-4858-B9B1-FA93D08323D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50DA8EBE-52AA-45A5-A5FB-75AF84E415E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8D93A3-8997-4EB9-A411-74B296D1341F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0245AF2D-F856-4CAA-A830-36D43026D1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69E253E-157D-45BA-A977-079A49F74A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6325E2AE-BB86-4953-AA9E-0433C00B096E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C54B828-8B23-4C62-907E-8EE7E757B721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DD18C8-172B-41CD-87DD-58BDEC0D9418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10666E30-D98A-47A9-881A-B281066F0EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3993826B-CA66-4BC2-8E1B-06CF9230B214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14928F51-761E-4FCA-B13C-A11530C7FC46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB761644-20F5-4E0D-B301-7809EAECA813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "896439D0-6C98-44A6-8C9D-0D57D57782D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "978B828C-1FCB-4386-B685-5BEE5A8A500C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A3261B-23BE-42D7-8A52-AE2E8C274A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B7EA51-27EC-4884-8D60-FB9477D2B91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F85FEC-427E-487D-997E-7EE359475876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C825978-7E00-4C20-A806-0B968AA589AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD0228-728B-437A-84C1-BD7AFA52FFB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF55485-9892-4E7B-AEE0-017E61EAA7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6100FE3E-0A31-4B55-90F2-90AF765A8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E06B1D3-29B4-45B7-B81F-C864AF579011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2E3923-0E2B-411A-B091-088E6FF050D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1848C748-804D-4FE4-AB9C-B1BF9E58A19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "12296322-DFAD-4B36-83EC-D01BF5DF7F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA321C14-C8F4-41FC-B601-2F646064ABBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DBCF86-0CE8-46C4-B2E7-E3224765CCFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF3DBC5-7020-48D0-ADEA-E71776DB2285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "317F952E-5F12-4ED3-8FA3-FC1106B50F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B97F98-C0A7-4D9E-8333-7EE9EC456A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1E753D-5653-4D7A-8E41-6C02511EBFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "417230C7-0EC2-49F4-B810-A8AE84A302AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "103FEAB1-194E-4CEF-935A-4DBCCA298205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5814003-9FF8-4F8E-9D90-A2BBB80B8451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D742A8-B9D0-4BC0-8E3E-E0FDCC1083FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D28B77-9353-4259-9299-30638A78CCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C022292B-6E06-4328-842F-135A872D22AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F15F00FB-BB9B-4D54-B198-0A74D418B8DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC10AF20-7B65-4FAE-A2AD-783867D60A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED20D9-C571-4BC5-9A54-450A364C6E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D7AAF1-64FF-40C9-90B2-DEC814157372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F90283AD-A616-403C-BE69-BCB2FD58A2CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "043B846F-4CDF-402A-B14A-B4949B1D403E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C7B52D3D-C5F0-4793-AFA3-C518400DB71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D529F5-8870-4934-BCD8-E49095D21224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "296EB2FA-FCAD-4BD5-A015-62765407AFE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBD0DC7-64D0-42B1-8EEE-73A0214680F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A15D1E-83ED-47EC-B17C-E6BCC49DE83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4112ACFF-D40E-45BE-9307-F710E7B41ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B476503-1A1B-408B-9E66-1E4940090AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7123D6E6-3AE7-4413-AD6E-0D68D44C6F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05A2EBE2-E55C-45DF-A74C-1B5F7E6EEC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "909DFCAB-A44B-4EB8-B54D-066699AE760B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.15, 4.4.x en versiones anteriores a 4.4.15.5 y 4.5.x en versiones anteriores a 4.5.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) una cabecera Host HTTP manipulada, relacionada con libraries/Config.class.php; (2) datos JSON manipulados, relacionados con file_echo.php; (3) una petici\u00f3n SQL manipulada, relacionada con js/functions.js; (4) el par\u00e1metro inicial en libraries/server_privileges.lib.php en la p\u00e1gina de cuentas de usuario; o (5) el par\u00e1metro it en libraries/controllers/TableSearchController.class.php en la p\u00e1gina zoom search."
    }
  ],
  "id": "CVE-2016-2560",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-01T11:59:02.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3627"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.phpmyadmin.net/security/PMASA-2016-11/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.phpmyadmin.net/security/PMASA-2016-11/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.