1. Home
  2. CVE Database
  3. CVE-2016-6620
CRITICAL · 9.8

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution beca...

Vulnerability Description

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
PhpmyadminPhpmyadmin4.6.0

Related Weaknesses (CWE)

CWE-502

References

FAQ

What is CVE-2016-6620?

CVE-2016-6620 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution beca...

How severe is CVE-2016-6620?

CVE-2016-6620 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-6620?

Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin.