CVE-2016-9851 — Session Fixation in Phpmyadmin

CWE-254 CWE-384 — Session Fixation6 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 52.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 11

Latest updateMay 17

Description

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.5.1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.6 — 4.6.5+1

▶Debianphpmyadmin/phpmyadmin< 4:4.6.5.1-1+3

▶NVDphpmyadmin/phpmyadmin33 versions+32

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin Bypass logout timeout↗2022-05-17

▶

OSV

phpMyAdmin Bypass logout timeout↗2022-05-17

▶

OSV

CVE-2016-9851: An issue was discovered in phpMyAdmin↗2016-12-11

▶

📋Vendor Advisories

Debian

CVE-2016-9851: phpmyadmin - An issue was discovered in phpMyAdmin. With a crafted request parameter value it...↗2016

▶

💬Community

Bugzilla

CVE-2014-9851 ImageMagick: crash when parsing resource block↗2016-06-07

▶