Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Remediation

References

CVE-2016-2039

Related Vulnerabilities

WordPress Denial of Service Vulnerability (0.70 - 3.6.1)

WordPress Plugin Timeline Event History PHP Object Injection (3.1)

Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)

WordPress Plugin CM Download Manager Multiple Vulnerabilities (2.0.6)

WordPress Plugin Users Ultra SQL Injection (1.4.35)

Severity

Medium

Classification

CVE-2016-2039 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities