CVE-2016-6621 Common Vulnerabilities and Exposures

Upstream information

CVE-2016-6621 at MITRE

Description

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
CVSS detail	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

CVSS v3 Scores
CVSS detail	National Vulnerability Database
Base Score	8.6
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Changed
Confidentiality Impact	High
Integrity Impact	None
Availability Impact	None
CVSSv3 Version	3

SUSE Bugzilla entry: 994313 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2016:2168-1, published Fri Dec 8 15:48:59 2023

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`phpMyAdmin >= 4.6.5.2-1.1`	Patchnames: openSUSE-Tumbleweed-2024-10054

SUSE Timeline for this CVE

CVE page created: Tue Aug 23 16:48:19 2016
CVE page last modified: Mon Oct 6 18:25:58 2025