vulnerability
phpMyAdmin: Information Exposure (CVE-2016-5097)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 5, 2016 | Oct 16, 2019 | Mar 7, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 5, 2016
Added
Oct 16, 2019
Modified
Mar 7, 2024
Description
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2016-5097
- https://attackerkb.com/topics/CVE-2016-5097
- URL-http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html
- URL-http://www.securitytracker.com/id/1035978
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/11eb574242d2526107366d367ab5585fbe29578f
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/59e56bd63a5e023b797d82eb272cd074e3b4bfd1
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/8326aaebe54083d9726e153abdd303a141fe5ad3
- URL-https://security.gentoo.org/glsa/201701-32
- URL-https://www.phpmyadmin.net/security/PMASA-2016-14
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.