
[3.5] phpmyadmin: Multiple vulnerabilities (Various CVEs)

ID: oval:org.secpod.oval:def:1800919
Date: (C)2018-03-28   (M)2021-11-09
Class: PATCH
Family: unix




CVE-2016-6606: Weakness with cookie encryption. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6607: Multiple XSS vulnerabilities. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6608: Multiple XSS vulnerabilities. All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.4 or newer or apply patch.

CVE-2016-6609: PHP code injection. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch.

CVE-2016-6610: Full path disclosure. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6611: SQL injection attack. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6612: Local file exposure. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6613: Local file exposure through symlinks with UploadDir. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6614: Path traversal with SaveDir and UploadDir. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch.

CVE-2016-6615: Multiple XSS vulnerabilities. All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer or apply patch.

CVE-2016-6616: SQL injection attack. All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer or apply patch.

CVE-2016-6617: SQL injection attack. All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.4 or newer, or apply patch.

CVE-2016-6618: Denial of service attack in transformation feature. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6619: SQL injection attack as control user. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch.

CVE-2016-6620: Unvalidated data passed to unserialize. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch.

CVE-2016-6622: DOS attack with forced persistent connections. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch.

CVE-2016-6623: Denial of service attack by for loops. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6624: IPv6 and proxy server IP-based authentication rule circumvention. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch.

CVE-2016-6625: Detect if user is logged in. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch.

CVE-2016-6626: Bypass URL redirect protection. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer.

CVE-2016-6627: Referrer leak in url.php. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch.

CVE-2016-6628: Reflected File Download attack. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch.

CVE-2016-6629: ArbitraryServerRegexp bypass. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6630: Denial of service attack by changing password to a very long string. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6631: Remote code execution vulnerability when run as CGI. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply patch.

CVE-2016-6632: Denial of service attack with dbase extension. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

CVE-2016-6633: Remote code execution vulnerability when PHP is running with dbase extension. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch.

Platform:
Alpine Linux 3.5
Product:
phpmyadmin
Reference:
6195
CVE-2016-6606
CVE-2016-6607
CVE-2016-6608
CVE-2016-6609
CVE-2016-6610
CVE-2016-6611
CVE-2016-6612
CVE-2016-6613
CVE-2016-6614
CVE-2016-6615
CVE-2016-6616
CVE-2016-6617
CVE-2016-6618
CVE-2016-6619
CVE-2016-6620
CVE-2016-6622
CVE-2016-6623
CVE-2016-6624
CVE-2016-6625
CVE-2016-6626
CVE-2016-6627
CVE-2016-6628
CVE-2016-6629
CVE-2016-6630
CVE-2016-6631
CVE-2016-6632
CVE-2016-6633
CPE    54
cpe:/a:phpmyadmin:phpmyadmin:4.4.13.1
cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2
cpe:/a:phpmyadmin:phpmyadmin
cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1
...

© SecPod Technologies