vulnerability
phpMyAdmin: Information Exposure (CVE-2016-5739)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 3, 2016 | Oct 16, 2019 | Nov 27, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 3, 2016
Added
Oct 16, 2019
Modified
Nov 27, 2024
Description
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2016-5739
- https://attackerkb.com/topics/CVE-2016-5739
- URL-http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
- URL-http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
- URL-http://www.debian.org/security/2016/dsa-3627
- URL-http://www.securityfocus.com/bid/91389
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05
- URL-https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb
- URL-https://security.gentoo.org/glsa/201701-32
- URL-https://www.phpmyadmin.net/security/PMASA-2016-28/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.