CVE-2016-6606: Weakness with cookie encryption. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6607: Multiple XSS vulnerabilities. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6608: Multiple XSS vulnerabilities. All 4.6.x versions are affected Upgrade to phpMyAdmin 4.6.4 or newer or apply patch. CVE-2016-6609: PHP code injection. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch. CVE-2016-6610: Full path disclosure. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6611: SQL injection attack. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6612: Local file exposure. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6613: Local file exposure through symlinks with UploadDir. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6614: Path traversal with SaveDir and UploadDir. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch. CVE-2016-6615: Multiple XSS vulnerabilities. All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer or apply patch. CVE-2016-6616: SQL injection attack. All 4.6.x versions and 4.4.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer or apply patch CVE-2016-6617: SQL injection attack. All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.4 or newer, or apply patch. CVE-2016-6618: Denial of service attack in transformation feature. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6619: SQL injection attack as control user. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch. CVE-2016-6620: Unvalidated data passed to unserialize. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch. CVE-2016-6622: DOS attack with forced persistent connections. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch. CVE-2016-6623: Denial of service attack by for loops. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6624: IPv6 and proxy server IP-based authentication rule circumvention. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch CVE-2016-6625: Detect if user is logged in. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch CVE-2016-6626: Bypass URL redirect protection. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer. CVE-2016-6627: Referrer leak in url.php. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch. CVE-2016-6628: Reflected File Download attack. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch CVE-2016-6629: ArbitraryServerRegexp bypass. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch. CVE-2016-6630: Denial of service attack by changing password to a very long string. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch CVE-2016-6631: Remote code execution vulnerability when run as CGI. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply patch CVE-2016-6632: Denial of service attack with dbase extension. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch CVE-2016-6633: Remote code execution vulnerability when PHP is running with dbase extension. All 4.6.x versions , 4.4.x versions , and 4.0.x versions are affected Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch