Candidate: CVE-2016-6612
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612
 http://www.phpmyadmin.net/security/PMASA-2016-35/
Description:
 An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL
 INFILE functionality to expose files on the server to the database system.
 All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8),
 and 4.0.x versions (prior to 4.0.10.17) are affected.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/d02d61a
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
zesty_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
artful_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
bionic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
cosmic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
disco_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
groovy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
hirsute_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
impish_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
jammy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
devel_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)