Description

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Remediation

References

CVE-2016-2039

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11587)

TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23494)

WordPress Plugin WP Photo Album 'photo' Parameter SQL Injection (1.0)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4345)

WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.20)

Severity

Medium

Classification

CVE-2016-2039 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities