Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : phpMyAdmin vulnerabilities (USN-4843-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4843-1 advisory. Javier Nieto and Andres Rojas discovered that phpMyAdmin incorrectly managed input in the form of passwords. An attacker could us...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9866. Reason: This candidate is a reservation duplicate of CVE-2016-9866. Notes: All CVE users should reference CVE-2016-9866 instead of this candidate. All references and descriptions in this candidate have been removed to...

CVE-2016-1000373

CVE-2016-9866 concerns phpMyAdmin and describes that when the arg_separator is not the default “&”, the CSRF token is not properly stripped from the return URL of the preference import action. Affected releases include 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18. T...

phpMyAdmin Multiple Security Vulnerabilities - 04 (Dec 2016) - Linux

phpMyAdmin is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...

CVE-2016-9866

An issue was discovered in phpMyAdmin. When the argseparator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to...

CVE-2016-9866

phpMyAdmin is affected by CVE-2016-9866 due to improper handling of the CSRF token in return URLs for the preference import action when arg_separator differs from its default value. Affected versions include 4.6.x prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18. Evidence in ...