CVE-2015-2206 — Sensitive Information Exposure in phpMyAdmin
Severity
5.0 MEDIUM (NVD)
EPSS
0.9%
top 24.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 9
Latest update: May 17
Description
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
CVSS vector
AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 3 packages
Also affects: Fedora 20, 21, 22
Vulnerability Details (2)
Vendor Advisories (1)
Debian
CVE-2015-2206: phpmyadmin - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before ... (2015)
Community (3)
Bugzilla
CVE-2015-2206 phpMyAdmin4: phpMyAdmin: Risk of BREACH attack due to reflected parameter (PMASA-2015-1) [epel-5] (2015-03-05)
Bugzilla
CVE-2015-2206 phpMyAdmin: Risk of BREACH attack due to reflected parameter (PMASA-2015-1) [fedora-all] (2015-03-05)
Bugzilla
CVE-2015-2206 phpMyAdmin: Risk of BREACH attack due to reflected parameter (PMASA-2015-1) (2015-03-04)