CVE-2016-2039

Published: Feb 20, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813

x_refsource_CONFIRM

openSUSE-SU-2016:0378

vendor-advisory

x_refsource_SUSE

DSA-3627

vendor-advisory

x_refsource_DEBIAN

openSUSE-SU-2016:0357

vendor-advisory

x_refsource_SUSE

FEDORA-2016-e55278763e

vendor-advisory

x_refsource_FEDORA

FEDORA-2016-e1fe01e96e

vendor-advisory

x_refsource_FEDORA

http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php

x_refsource_CONFIRM

https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-2039

Description

Affected Products

References