4.6.0

DATE	CVE	VULNERABILITY TITLE	RISK
2016-07-03	CVE-2016-5731	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. network phpmyadmin opensuse CWE-79	4.3
2016-07-03	CVE-2016-5730	Information Exposure vulnerability in multiple products phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message. network low complexity phpmyadmin opensuse CWE-200	5.0
2016-07-03	CVE-2016-5706	Resource Management Errors vulnerability in multiple products js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter. network low complexity phpmyadmin opensuse CWE-399	5.0
2016-07-03	CVE-2016-5705	Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation. network opensuse phpmyadmin CWE-79	4.3
2016-07-03	CVE-2016-5704	Cross-site Scripting vulnerability in PHPmyadmin 4.6.0/4.6.1/4.6.2 Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. network phpmyadmin CWE-79	4.3
2016-07-03	CVE-2016-5703	SQL Injection vulnerability in multiple products SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. network low complexity opensuse phpmyadmin CWE-89	7.5
2016-07-03	CVE-2016-5702	7PK - Security Features vulnerability in PHPmyadmin 4.6.0/4.6.1/4.6.2 phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. network phpmyadmin CWE-254	4.3
2016-07-03	CVE-2016-5701	Injection vulnerability in multiple products setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. network phpmyadmin opensuse CWE-74	4.3