CVE-2016-6625Sensitive Information Exposure in Phpmyadmin

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 49.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedDec 11
Latest updateMay 17

Description

An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.6.4+dfsg1-1 (bookworm)
Packagistphpmyadmin/phpmyadmin4.64.6.4+2
Debianphpmyadmin/phpmyadmin< 4:4.6.4+dfsg1-1+3
NVDphpmyadmin/phpmyadmin60 versions+59

Patches

Patch: www.phpmyadmin.netPatch: www.phpmyadmin.net

🔴Vulnerability Details

3
GHSA
phpMyAdmin allows to detect if user is logged in2022-05-17
OSV
phpMyAdmin allows to detect if user is logged in2022-05-17
OSV
CVE-2016-6625: An issue was discovered in phpMyAdmin2016-12-11

📋Vendor Advisories

1
Debian
CVE-2016-6625: phpmyadmin - An issue was discovered in phpMyAdmin. An attacker can determine whether a user ...2016