libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-406-1 | phpmyadmin security update |
![]() |
DLA-481-1 | phpmyadmin security update |
![]() |
DLA-481-2 | phpmyadmin regression update |
![]() |
DSA-3627-1 | phpmyadmin security update |
![]() |
EUVD-2016-3147 | libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T23:17:49.952Z
Reserved: 2016-01-22T00:00:00
Link: CVE-2016-2039

No data.

Status : Deferred
Published: 2016-02-20T01:59:02.140
Modified: 2025-04-12T10:46:40.837
Link: CVE-2016-2039

No data.

No data.