Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-4412)

Description

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.

Remediation

References

Related Vulnerabilities

Joomla Cross-Site Request Forgery (CSRF) (CVE-2021-26033)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4226)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-35652)

WordPress Plugin Pluginception Multiple Cross-Site Scripting Vulnerabilities (1.2)

Jboss EAP Other Vulnerability (CVE-2014-3490)

Severity

Medium

Classification

CVE-2016-4412 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities