Wind River Support Network

HomeDefectsLIN8-5284
Fixed

LIN8-5284 : Security Advisory - phpmyadmin - CVE-2016-6614

Created: Dec 15, 2016    Updated: Dec 3, 2018
Resolved Date: Dec 21, 2016
Found In Version: 8.0.0.11
Fix Version: 8.0.0.13
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6614

Other Downloads


CVEs


Live chat
Online