CVE-2016-6611

An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Published: Dec 11, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-6611
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phpmyadmin / phpmyadmin	4.0.10.15	4.0.10.15.x
phpmyadmin / phpmyadmin	4.0.0	4.0.0.x
phpmyadmin / phpmyadmin	4.0.5	4.0.5.x
phpmyadmin / phpmyadmin	4.0.3	4.0.3.x
phpmyadmin / phpmyadmin	4.0.10.10	4.0.10.10.x
phpmyadmin / phpmyadmin	4.0.10.13	4.0.10.13.x
phpmyadmin / phpmyadmin	4.0.7	4.0.7.x
phpmyadmin / phpmyadmin	4.0.10	4.0.10.x
phpmyadmin / phpmyadmin	4.0.10.4	4.0.10.4.x
phpmyadmin / phpmyadmin	4.0.8	4.0.8.x
phpmyadmin / phpmyadmin	4.0.2	4.0.2.x
phpmyadmin / phpmyadmin	4.0.10.1	4.0.10.1.x
phpmyadmin / phpmyadmin	4.0.10.14	4.0.10.14.x
phpmyadmin / phpmyadmin	4.0.6	4.0.6.x
phpmyadmin / phpmyadmin	4.0.10.9	4.0.10.9.x
phpmyadmin / phpmyadmin	4.0.4.1	4.0.4.1.x
phpmyadmin / phpmyadmin	4.0.1	4.0.1.x
phpmyadmin / phpmyadmin	4.0.10.7	4.0.10.7.x
phpmyadmin / phpmyadmin	4.0.10.16	4.0.10.16.x
phpmyadmin / phpmyadmin	4.0.10.6	4.0.10.6.x
phpmyadmin / phpmyadmin	4.0.10.3	4.0.10.3.x
phpmyadmin / phpmyadmin	4.0.4.2	4.0.4.2.x
phpmyadmin / phpmyadmin	4.0.0-rc2	4.0.0-rc2.x
phpmyadmin / phpmyadmin	4.0.10.11	4.0.10.11.x
phpmyadmin / phpmyadmin	4.0.10.5	4.0.10.5.x
phpmyadmin / phpmyadmin	4.0.10.12	4.0.10.12.x
phpmyadmin / phpmyadmin	4.0.9	4.0.9.x
phpmyadmin / phpmyadmin	4.0.4	4.0.4.x
phpmyadmin / phpmyadmin	4.0.10.8	4.0.10.8.x
phpmyadmin / phpmyadmin	4.0.0-rc3	4.0.0-rc3.x
phpmyadmin / phpmyadmin	4.0.10.2	4.0.10.2.x
phpmyadmin / phpmyadmin	4.4.13.1	4.4.13.1.x
phpmyadmin / phpmyadmin	4.4.6	4.4.6.x
phpmyadmin / phpmyadmin	4.4.2	4.4.2.x
phpmyadmin / phpmyadmin	4.4.1.1	4.4.1.1.x
phpmyadmin / phpmyadmin	4.4.15	4.4.15.x
phpmyadmin / phpmyadmin	4.4.15.4	4.4.15.4.x
phpmyadmin / phpmyadmin	4.4.15.6	4.4.15.6.x
phpmyadmin / phpmyadmin	4.4.6.1	4.4.6.1.x
phpmyadmin / phpmyadmin	4.4.0	4.4.0.x
phpmyadmin / phpmyadmin	4.4.1	4.4.1.x
phpmyadmin / phpmyadmin	4.4.11	4.4.11.x
phpmyadmin / phpmyadmin	4.4.9	4.4.9.x
phpmyadmin / phpmyadmin	4.4.8	4.4.8.x
phpmyadmin / phpmyadmin	4.4.15.2	4.4.15.2.x
phpmyadmin / phpmyadmin	4.4.15.5	4.4.15.5.x
phpmyadmin / phpmyadmin	4.4.7	4.4.7.x
phpmyadmin / phpmyadmin	4.4.15.7	4.4.15.7.x
phpmyadmin / phpmyadmin	4.4.3	4.4.3.x
phpmyadmin / phpmyadmin	4.4.12	4.4.12.x
phpmyadmin / phpmyadmin	4.4.5	4.4.5.x
phpmyadmin / phpmyadmin	4.4.13	4.4.13.x
phpmyadmin / phpmyadmin	4.4.15.3	4.4.15.3.x
phpmyadmin / phpmyadmin	4.4.10	4.4.10.x
phpmyadmin / phpmyadmin	4.4.15.1	4.4.15.1.x
phpmyadmin / phpmyadmin	4.4.4	4.4.4.x
phpmyadmin / phpmyadmin	4.4.14.1	4.4.14.1.x
phpmyadmin / phpmyadmin	4.6.1	4.6.1.x
phpmyadmin / phpmyadmin	4.6.0-rc2	4.6.0-rc2.x
phpmyadmin / phpmyadmin	4.6.0	4.6.0.x
phpmyadmin / phpmyadmin	4.6.2	4.6.2.x
phpmyadmin / phpmyadmin	4.6.3	4.6.3.x
phpmyadmin / phpmyadmin	4.6.0-rc1	4.6.0-rc1.x
phpmyadmin / phpmyadmin	4.6.0-alpha1	4.6.0-alpha1.x

Vulnerability Database

315,049

CVE-2016-6611

Deep Security Visibility Without the Complexity