CVE-2016-2039: Sensitive Information Exposure in phpMyAdmin

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.4% (top 40.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 20; Latest update May 14

Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

- Debian: debian/phpmyadmin < phpmyadmin 4:4.5.4-1 (bookworm)
- Debian: phpmyadmin/phpmyadmin < 4:4.5.4-1+3
- NVD: phpmyadmin/phpmyadmin, 43 versions (+42)
- NVD: opensuse/leap 42.1
- NVD: opensuse/opensuse 13.1, 13.2 (+1)

Also affects: Fedora 23, 24

Patches

Vulnerability Details (2)

- GHSA: GHSA-hc8v-m2rw-4fc4: libraries/session (2022-05-14)
- OSV: CVE-2016-2039: libraries/session (2016-02-20)

Vendor Advisories (1)

- Debian: CVE-2016-2039: phpmyadmin - libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4... (2016)

Community (3)

- Bugzilla: CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [fedora-all] (2016-01-28)
- Bugzilla: CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [epel-all] (2016-01-28)
- Bugzilla: CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2) (2016-01-28)