{"id":"GHSA-phhm-63xx-v9rr","summary":"phpMyAdmin Reflected File Download attack","details":"An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.","aliases":["CVE-2016-6628"],"modified":"2024-12-06T05:39:02.474593Z","published":"2022-05-17T02:37:14Z","database_specific":{"github_reviewed":true,"cwe_ids":[],"nvd_published_at":"2016-12-11T02:59:00Z","github_reviewed_at":"2024-04-24T17:19:11Z","severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6628"},{"type":"PACKAGE","url":"https://github.com/phpmyadmin/composer"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"},{"type":"WEB","url":"https://security.gentoo.org/glsa/201701-32"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-51"},{"type":"WEB","url":"http://www.securityfocus.com/bid/92492"}],"affected":[{"package":{"name":"phpmyadmin/phpmyadmin","ecosystem":"Packagist","purl":"pkg:composer/phpmyadmin/phpmyadmin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.6"},{"fixed":"4.6.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-phhm-63xx-v9rr/GHSA-phhm-63xx-v9rr.json"}},{"package":{"name":"phpmyadmin/phpmyadmin","ecosystem":"Packagist","purl":"pkg:composer/phpmyadmin/phpmyadmin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.4"},{"fixed":"4.4.15.8"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-phhm-63xx-v9rr/GHSA-phhm-63xx-v9rr.json"}},{"package":{"name":"phpmyadmin/phpmyadmin","ecosystem":"Packagist","purl":"pkg:composer/phpmyadmin/phpmyadmin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.0"},{"fixed":"4.0.10.17"}]}],"versions":["4.0.0","4.0.1","4.0.10","4.0.10.1","4.0.10.2","4.0.10.3","4.0.10.4","4.0.10.5","4.0.10.6","4.0.10.7","4.0.10.8","4.0.10.9","4.0.2","4.0.3","4.0.4","4.0.4.1","4.0.4.2","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-phhm-63xx-v9rr/GHSA-phhm-63xx-v9rr.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}]}