CVE-2016-4412Phpmyadmin vulnerability

CWE-2546 documents5 sources
Severity
4.4MEDIUMNVD
EPSS
0.2%
top 52.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedDec 11
Latest updateMay 17

Description

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 1.3 | Impact: 2.7

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.1.7-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:4.1.7-1+3
NVDphpmyadmin/phpmyadmin28 versions+27

Patches

Patch: www.phpmyadmin.netPatch: www.phpmyadmin.net

🔴Vulnerability Details

2
GHSA
GHSA-r57r-r9wp-wc2v: An issue was discovered in phpMyAdmin2022-05-17
OSV
CVE-2016-4412: An issue was discovered in phpMyAdmin2016-12-11

📋Vendor Advisories

1
Debian
CVE-2016-4412: phpmyadmin - An issue was discovered in phpMyAdmin. A user can be tricked into following a li...2016

💬Community

2
Bugzilla
phpMyAdmin: Multiple vulnerabilities fixed in 4.0.10.18, 4.4.15.9 and 4.6.5 versions [fedora-all]2016-11-28
Bugzilla
phpMyAdmin: Multiple vulnerabilities fixed in 4.0.10.18, 4.4.15.9 and 4.6.5 versions [epel-all]2016-11-28