Candidate: CVE-2016-6631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6631
http://www.phpmyadmin.net/security/PMASA-2016-54/
An issue was discovered in phpMyAdmin. A user can execute a remote code
execution attack against a server when phpMyAdmin is being run as a CGI
application. Under certain server configurations, a user can pass a query
string which is executed as a command-line argument by the file
generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions
(prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Discovered-by: Emanuel Bronshtein
upstream: https://github.com/phpmyadmin/phpmyadmin/commit/0a3c6d3
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: needed
yakkety_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
zesty_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
artful_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
bionic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
devel_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)