Wind River Support Network

HomeDefectsLIN6-12073
Fixed

LIN6-12073 : Security Advisory - phpmyadmin - CVE-2016-6614

Created: Dec 15, 2016    Updated: Dec 3, 2018
Resolved Date: Dec 27, 2016
Found In Version: 6.0.0.31
Fix Version: 6.0.0.32
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6614

Other Downloads


Live chat
Online