Description

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Remediation

References

CVE-2015-2206

Related Vulnerabilities

WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14882)

lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9441)

Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)

WordPress Plugin Indeed Job Importer Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2015-2206 CWE-200

Tags

Missing Update Known Vulnerabilities