WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-9850)

Description

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

Remediation

References

Related Vulnerabilities

WordPress 5.1.x Cross-Site Request Forgery (5.1)

XWiki Improper Authentication Vulnerability (CVE-2022-36092)

WordPress Plugin Occasions Cross-Site Request Forgery (1.0.4)

WordPress Plugin CloudFlare Multiple Cross-Site Scripting Vulnerabilities (1.3.20)

ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741)

Severity

Medium

Classification

CVE-2016-9850 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities