Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Deserialization of Untrusted Data Vulnerability - CVE-2016-6620 - Vulnerability Database
phpMyAdmin

phpMyAdmin Deserialization of Untrusted Data Vulnerability - CVE-2016-6620

Critical
Reference: CVE-2016-6620
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-6620
Title: phpMyAdmin Deserialization of Untrusted Data Vulnerability
Overview:

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it39s valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4) 4.4.x versions (prior to 4.4.15.8) and 4.0.x versions (prior to 4.0.10.17) are affected.