Cross site request forgery (csrf)

2016-07-0301:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.

CPENameOperatorVersion
leapeq42.1
opensuseeq13.1
opensuseeq13.2
phpmyadmineq4.4.13.1
phpmyadmineq4.4.6
phpmyadmineq4.4.2
phpmyadmineq4.4.1.1
phpmyadmineq4.4.15
phpmyadmineq4.4.15.4
phpmyadmineq4.4.15.6

Name	Operator	Version
leap	eq	42.1
opensuse	eq	13.1
opensuse	eq	13.2
phpmyadmin	eq	4.4.13.1
phpmyadmin	eq	4.4.6
phpmyadmin	eq	4.4.2
phpmyadmin	eq	4.4.1.1
phpmyadmin	eq	4.4.15
phpmyadmin	eq	4.4.15.4
phpmyadmin	eq	4.4.15.6