Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Remediation

References

CVE-2016-2039

Related Vulnerabilities

WordPress Plugin Resume Submissions & Job Postings Cross-Site Scripting (2.5.3)

Internet Information Services Other Vulnerability (CVE-2000-0884)

PHP Resource Management Errors Vulnerability (CVE-2015-4024)

WordPress Plugin WP Table Builder-WordPress Table Cross-Site Scripting (1.4.6)

Oracle JRE CVE-2013-0809 Vulnerability (CVE-2013-0809)

Severity

Medium

Classification

CVE-2016-2039 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities