libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
CPE

Name | Operator | Version
---|---|---
fedora | eq | 24
fedora | eq | 23
leap | eq | 42.1
opensuse | eq | 13.1
opensuse | eq | 13.2
phpmyadmin | eq | 4.0.0
phpmyadmin | eq | 4.4.13.1
phpmyadmin | eq | 4.4.6
phpmyadmin | eq | 4.4.2
phpmyadmin | eq | 4.4.1.1

lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
www.debian.org/security/2016/dsa-3627
github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813
lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
www.phpmyadmin.net/home_page/security/PMASA-2016-2.php