vulnerability
phpMyAdmin: Information Exposure (CVE-2016-5097)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2016-07-05 | 2019-10-16 | 2024-03-07 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2016-07-05
Added
2019-10-16
Modified
2024-03-07
Description
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2016-5097
- https://attackerkb.com/topics/CVE-2016-5097
- URL-http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html
- URL-http://www.securitytracker.com/id/1035978
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/11eb574242d2526107366d367ab5585fbe29578f
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/59e56bd63a5e023b797d82eb272cd074e3b4bfd1
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/8326aaebe54083d9726e153abdd303a141fe5ad3
- URL-https://security.gentoo.org/glsa/201701-32
- URL-https://www.phpmyadmin.net/security/PMASA-2016-14
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.