vulnerability
phpMyAdmin: Information Exposure (CVE-2016-2039)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2016-02-20 | 2019-10-16 | 2024-11-27 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2016-02-20
Added
2019-10-16
Modified
2024-11-27
Description
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2016-2039
- https://attackerkb.com/topics/CVE-2016-2039
- URL-http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
- URL-http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
- URL-http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
- URL-http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
- URL-http://www.debian.org/security/2016/dsa-3627
- URL-http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.