SecuritySpace - CVE-2016-6614

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2016-6614

Description: An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Test IDs: 1.3.6.1.4.1.25623.1.1.1.2.2016.626

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-6614
BugTraq ID: 94366
http://www.securityfocus.com/bid/94366
https://security.gentoo.org/glsa/201701-32
https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html

CVE ID:	CVE-2016-6614
Description:	An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Test IDs:	1.3.6.1.4.1.25623.1.1.1.2.2016.626
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6614 BugTraq ID: 94366 http://www.securityfocus.com/bid/94366 https://security.gentoo.org/glsa/201701-32 https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html