CVE-2016-6633
HIGH8.1EPSS 1.8%phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension
Published: 5/17/2022Modified: 5/7/2026
Description
An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Affected packages (3)
- Alpine/phpmyadminfrom 0, < 4.4.15.8-r0
- Debian/phpmyadminfrom 0, < 4:4.6.4+dfsg1-1
- Packagist/phpmyadmin/phpmyadmin>= 4.6, < 4.6.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-6633
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-6633
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-6633
- PATCHhttps://github.com/phpmyadmin/composer
- WEBhttps://security.gentoo.org/glsa/201701-32
- WEBhttps://www.phpmyadmin.net/security/PMASA-2016-56
- WEBhttp://www.securityfocus.com/bid/92500