5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
80.2%
The phpMyAdmin development team reports:
Risk of BREACH attack due to reflected parameter.
With a large number of crafted requests it was possible to infer
the CSRF token by a BREACH attack.
Mitigation factor: this vulnerability can only be exploited in
the presence of another vulnerability that allows the attacker to
inject JavaScript into victim’s browser.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | = 4.3.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin | < 4.3.11.1 | UNKNOWN |