CVE-2016-2039
N/A
N/A
Summary
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
- http://www.debian.org/security/2016/dsa-3627
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
- http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php
- https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
References
- https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
- http://www.debian.org/security/2016/dsa-3627
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
- http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php
- https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.