vulnerability
phpMyAdmin: Information Exposure (CVE-2016-2039)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Feb 20, 2016 | Oct 16, 2019 | Nov 27, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Feb 20, 2016
Added
Oct 16, 2019
Modified
Nov 27, 2024
Description
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2016-2039
- https://attackerkb.com/topics/CVE-2016-2039
- URL-http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
- URL-http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
- URL-http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
- URL-http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
- URL-http://www.debian.org/security/2016/dsa-3627
- URL-http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.