Detections
Analytics

CVE-2016-2039

medium

Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

References

https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813

https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e

http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php

http://www.debian.org/security/2016/dsa-3627

http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

Details

Source: Mitre, NVD

Published: 2016-02-20

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium