Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Remediation

References

CVE-2016-2039

Related Vulnerabilities

Microsoft SQL Server CVE-2023-32026 Vulnerability (CVE-2023-32026)

Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)

WordPress Plugin SVG Support Cross-Site Scripting (2.5.1)

WordPress Plugin Comment Link Remove and Other Comment Tools Cross-Site Request Forgery (2.1.4)

WordPress Plugin Social Login WP Cross-Site Request Forgery (5.0.0.0)

Severity

Medium

Classification

CVE-2016-2039 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities