{"id":"MGASA-2016-0240","summary":"Updated phpmyadmin packages fix security vulnerability","details":"In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows\na BBCode injection to setup script in case it's not accessed on https\n(CVE-2016-5701).\n\nIn phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows\nan SQL injection attack to run arbitrary commands as the control user\n(CVE-2016-5703).\n\nIn phpMyAdmin before 4.4.15.7, XSS vulnerabilities were discovered in the\nuser privileges page, the error console, and the central columns, query\nbookmarks, and user groups features (CVE-2016-5705).\n\nIn phpMyAdmin before 4.4.15.7, a Denial Of Service (DOS) attack was\ndiscovered in the way phpMyAdmin loads some JavaScript files\n(CVE-2016-5706).\n\nIn phpMyAdmin before 4.4.15.7, by specially crafting requests in the\nfollowing areas, it is possible to trigger phpMyAdmin to display a PHP\nerror message which contains the full path of the directory where\nphpMyAdmin is installed (CVE-2016-5730).\n\nIn phpMyAdmin before 4.4.15.7, with a specially crafted request, it is\npossible to trigger an XSS attack through the example OpenID\nauthentication script (CVE-2016-5731).\n\nIn phpMyAdmin before 4.4.15.7, XSS vulnerabilities were found through\nspecially crafted databases, in AJAX error handling, and in the\nTransformation, Designer, charts, and zoom search features\n(CVE-2016-5733).\n\nIn phpMyAdmin before 4.4.15.7, a vulnerability was reported where a\nspecially crafted Transformation could be used to leak information\nincluding the authentication token. This could be used to direct a CSRF\nattack against a user (CVE-2016-5739).\n","modified":"2026-04-16T01:48:55.070547842Z","published":"2016-07-05T15:47:08Z","upstream":["CVE-2016-5701","CVE-2016-5703","CVE-2016-5705","CVE-2016-5706","CVE-2016-5730","CVE-2016-5731","CVE-2016-5733","CVE-2016-5739"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0240.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18777"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-17/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-19/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-21/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-22/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-23/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-24/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-26/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2016-28/"},{"type":"WEB","url":"https://www.phpmyadmin.net/news/2016/6/23/phpmyadmin-401016-44157-and-463-are-released/"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.15.7-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0240.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}