vulnerability

FreeBSD: phpmyadmin -- Unsafe generation of XSRF/CSRF token (CVE-2016-2039)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jan 28, 2016	Jan 29, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jan 28, 2016

Added

Jan 29, 2016

Modified

Oct 30, 2017

Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Solution

freebsd-upgrade-package-phpmyadmin

References

CVE-2016-2039
https://attackerkb.com/topics/CVE-2016-2039
URL-https://www.phpmyadmin.net/security/PMASA-2016-2/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today