CVE-2016-5097 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure8 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.6%

top 31.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Opensuse

Timeline

PublishedJul 5

Latest updateMay 14

Description

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.6.2-1+3

▶NVDphpmyadmin/phpmyadmin4.6.1

▶NVDopensuse/opensuse13.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-fc5f-944q-53rg: phpMyAdmin before 4↗2022-05-14

▶

OSV

CVE-2016-5097: phpMyAdmin before 4↗2016-07-05

▶

📋Vendor Advisories

Debian

CVE-2016-5097: phpmyadmin - phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for ...↗2016

▶

💬Community

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpmyadmin4: phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [epel-5]↗2016-05-26

▶

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [fedora-all]↗2016-05-26

▶

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14)↗2016-05-26

▶

Bugzilla

CVE-2016-5097 CVE-2016-5098 CVE-2016-5099 phpMyAdmin: Multiple issues fixed in 4.6.2 and 4.4.15.6 (PMASA-2016-16,PMASA-2016-15,PMASA-2016-14) [epel-all]↗2016-05-26

▶