CVE-2016-6624: Incomplete List of Disallowed Inputs

December 11, 2016 (updated July 1, 2017)

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules.

References

www.securityfocus.com/bid/92489
nvd.nist.gov/vuln/detail/CVE-2016-6624
www.phpmyadmin.net/security/PMASA-2016-47

Code Behaviors & Features

Detect and mitigate CVE-2016-6624 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →