CRITICAL🇵🇱 Wersja polska

CVE-2016-9865

CVSS 9.8v3.0pub. 2016-12-11upd. 2026-05-06

An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpmyadmin

    APP
    Phpmyadmin
    4.0.04.0.14.0.104.0.10.14.0.10.104.0.10.114.0.10.124.0.10.134.0.10.144.0.10.154.0.10.164.0.10.174.0.10.24.0.10.34.0.10.4+ 48 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2009-1151CRITICAL9.8⚠ KEVten sam produkt

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...

CVE-2020-22452CRITICAL9.8ten sam produkt

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...

CVE-2020-26935CRITICAL9.8ten sam produkt

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...

CVE-2019-19617CRITICAL9.8ten sam produkt

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...

CVE-2019-18622CRITICAL9.8ten sam produkt

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...