Lucene search

MitreCVELIST:CVE-2016-2039

HistoryFeb 20, 2016 - 1:00 a.m.

CVE-2016-2039

2016-02-2001:00:00

mitre

www.cve.org

6.1 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

References

lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

www.debian.org/security/2016/dsa-3627

www.phpmyadmin.net/home_page/security/PMASA-2016-2.php

github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e

github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813