Lucene search

K
osvGoogleOSV:GHSA-8M97-XC46-RW9W
HistoryMay 14, 2022 - 2:08 a.m.

phpMyAdmin Unsafe comparison of XSRF/CSRF token

2022-05-1402:08:30
Google
osv.dev
9
phpmyadmin
csrf
comparison

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.4%

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.4%