CVE-2016-6621

Published: Jan 31, 2017Modified: May 13, 2026

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

Affected (36)

Products: Phpmyadmin: Phpmyadmin

Phpmyadmin

1 product

Phpmyadmin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Up to 4.0.10.18

Configuration B

27 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Version 4.4.0
Phpmyadmin Phpmyadmin	Version 4.4.1.1
Phpmyadmin Phpmyadmin	Version 4.4.10
Phpmyadmin Phpmyadmin	Version 4.4.11
Phpmyadmin Phpmyadmin	Version 4.4.12
Phpmyadmin Phpmyadmin	Version 4.4.13.1
Phpmyadmin Phpmyadmin	Version 4.4.13
Phpmyadmin Phpmyadmin	Version 4.4.14.1
Phpmyadmin Phpmyadmin	Version 4.4.15.1
Phpmyadmin Phpmyadmin	Version 4.4.15.2
Phpmyadmin Phpmyadmin	Version 4.4.15.3
Phpmyadmin Phpmyadmin	Version 4.4.15.4
Phpmyadmin Phpmyadmin	Version 4.4.15.5
Phpmyadmin Phpmyadmin	Version 4.4.15.6
Phpmyadmin Phpmyadmin	Version 4.4.15.8
Phpmyadmin Phpmyadmin	Version 4.4.15.9
Phpmyadmin Phpmyadmin	Version 4.4.15
Phpmyadmin Phpmyadmin	Version 4.4.1
Phpmyadmin Phpmyadmin	Version 4.4.2
Phpmyadmin Phpmyadmin	Version 4.4.3
Phpmyadmin Phpmyadmin	Version 4.4.4
Phpmyadmin Phpmyadmin	Version 4.4.5
Phpmyadmin Phpmyadmin	Version 4.4.6.1
Phpmyadmin Phpmyadmin	Version 4.4.6
Phpmyadmin Phpmyadmin	Version 4.4.7
Phpmyadmin Phpmyadmin	Version 4.4.8
Phpmyadmin Phpmyadmin	Version 4.4.9

Configuration C

8 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Version 4.6.0
Phpmyadmin Phpmyadmin	Version 4.6.0 alpha1
Phpmyadmin Phpmyadmin	Version 4.6.0 rc1
Phpmyadmin Phpmyadmin	Version 4.6.0 rc2
Phpmyadmin Phpmyadmin	Version 4.6.1
Phpmyadmin Phpmyadmin	Version 4.6.2
Phpmyadmin Phpmyadmin	Version 4.6.4
Phpmyadmin Phpmyadmin	Version 4.6.5