CVE-2016-6633: phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension

CVSS Score: 8.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.83034%
Published: 5/17/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| phpmyadmin/phpmyadmin | composer | >= 4.6, < 4.6.4 | 4.6.4 |
| phpmyadmin/phpmyadmin | composer | >= 4.4, < 4.4.15.8 | 4.4.15.8 |
| phpmyadmin/phpmyadmin | composer | >= 4.0, < 4.0.10.17 | 4.0.10.17 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from phpMyAdmin's handling of dbase file imports via the dbase extension. The advisory explicitly links the issue to use of the dbase extension, and the CWE-94 (Code Injection) classification suggests improper input handling during file processing. The phpMyAdmin security notice references commits in import-related components (e.g., 378c382, f80a250, ddeab2a), which likely patched input validation in the dbase import functionality. The ImportDbase class is directly responsible for parsing dbase files, making it the most probable location for unsafe use of dbase functions (e.g., dbase_open, dbase_get_record) on untrusted input.
