Candidate: CVE-2016-6619
PublicDate: 2016-12-11 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6619
 http://www.phpmyadmin.net/security/PMASA-2016-42/
Description:
 An issue was discovered in phpMyAdmin. In the user interface preference
 feature, a user can execute an SQL injection attack against the account of
 the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions
 (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_phpmyadmin:
 upstream: https://github.com/phpmyadmin/phpmyadmin/commit/b49dba4
upstream_phpmyadmin: released (4:4.6.4+dfsg1-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
zesty_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
artful_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
bionic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
cosmic_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
disco_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
groovy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
hirsute_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
impish_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
jammy_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)
devel_phpmyadmin: not-affected (4:4.6.4+dfsg1-1)