Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-6614 - Vulnerability Database
phpMyAdmin

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2016-6614

Medium
Reference: CVE-2016-6614
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-6614
Title: phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

An issue was discovered in phpMyAdmin involving the u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4) 4.4.x versions (prior to 4.4.15.8) and 4.0.x versions (prior to 4.0.10.17) are affected.