CVE-2016-2039: Infoleak
First published: Sat Feb 20 2016(Updated: )
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE Leap | =42.1 | |
| openSUSE openSUSE | =13.1 | |
| openSUSE openSUSE | =13.2 | |
| phpMyAdmin phpMyAdmin | =4.0.0 | |
| phpMyAdmin phpMyAdmin | =4.0.0-rc2 | |
| phpMyAdmin phpMyAdmin | =4.0.0-rc3 | |
| phpMyAdmin phpMyAdmin | =4.0.1 | |
| phpMyAdmin phpMyAdmin | =4.0.10 | |
| phpMyAdmin phpMyAdmin | =4.0.10.1 | |
| phpMyAdmin phpMyAdmin | =4.0.10.2 | |
| phpMyAdmin phpMyAdmin | =4.0.10.3 | |
| phpMyAdmin phpMyAdmin | =4.0.10.4 | |
| phpMyAdmin phpMyAdmin | =4.0.10.5 | |
| phpMyAdmin phpMyAdmin | =4.0.10.6 | |
| phpMyAdmin phpMyAdmin | =4.0.10.7 | |
| phpMyAdmin phpMyAdmin | =4.0.10.8 | |
| phpMyAdmin phpMyAdmin | =4.0.10.9 | |
| phpMyAdmin phpMyAdmin | =4.0.10.10 | |
| phpMyAdmin phpMyAdmin | =4.0.10.11 | |
| phpMyAdmin phpMyAdmin | =4.0.10.12 | |
| phpMyAdmin phpMyAdmin | =4.4.0 | |
| phpMyAdmin phpMyAdmin | =4.4.1 | |
| phpMyAdmin phpMyAdmin | =4.4.1.1 | |
| phpMyAdmin phpMyAdmin | =4.4.2 | |
| phpMyAdmin phpMyAdmin | =4.4.3 | |
| phpMyAdmin phpMyAdmin | =4.4.4 | |
| phpMyAdmin phpMyAdmin | =4.4.5 | |
| phpMyAdmin phpMyAdmin | =4.4.6 | |
| phpMyAdmin phpMyAdmin | =4.4.6.1 | |
| phpMyAdmin phpMyAdmin | =4.4.7 | |
| phpMyAdmin phpMyAdmin | =4.4.8 | |
| phpMyAdmin phpMyAdmin | =4.4.9 | |
| phpMyAdmin phpMyAdmin | =4.4.10 | |
| phpMyAdmin phpMyAdmin | =4.4.11 | |
| phpMyAdmin phpMyAdmin | =4.4.12 | |
| phpMyAdmin phpMyAdmin | =4.4.13 | |
| phpMyAdmin phpMyAdmin | =4.4.13.1 | |
| phpMyAdmin phpMyAdmin | =4.4.14.1 | |
| phpMyAdmin phpMyAdmin | =4.4.15 | |
| phpMyAdmin phpMyAdmin | =4.4.15.1 | |
| phpMyAdmin phpMyAdmin | =4.4.15.2 | |
| phpMyAdmin phpMyAdmin | =4.4.15.3 | |
| phpMyAdmin phpMyAdmin | =4.5.0 | |
| phpMyAdmin phpMyAdmin | =4.5.0.1 | |
| phpMyAdmin phpMyAdmin | =4.5.0.2 | |
| phpMyAdmin phpMyAdmin | =4.5.1 | |
| phpMyAdmin phpMyAdmin | =4.5.2 | |
| phpMyAdmin phpMyAdmin | =4.5.3 | |
| Fedoraproject Fedora | =23 | |
| Fedoraproject Fedora | =24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
- http://www.debian.org/security/2016/dsa-3627
- http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php
- https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e
- https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813
- agent/references
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/42.1
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- version/opensuse opensuse/13.2
- vendor/phpmyadmin
- canonical/phpmyadmin phpmyadmin
- version/phpmyadmin phpmyadmin/4.0.0
- version/phpmyadmin phpmyadmin/4.0.0-rc2
- version/phpmyadmin phpmyadmin/4.0.0-rc3
- version/phpmyadmin phpmyadmin/4.0.1
- version/phpmyadmin phpmyadmin/4.0.10
- version/phpmyadmin phpmyadmin/4.0.10.1
- version/phpmyadmin phpmyadmin/4.0.10.2
- version/phpmyadmin phpmyadmin/4.0.10.3
- version/phpmyadmin phpmyadmin/4.0.10.4
- version/phpmyadmin phpmyadmin/4.0.10.5
- version/phpmyadmin phpmyadmin/4.0.10.6
- version/phpmyadmin phpmyadmin/4.0.10.7
- version/phpmyadmin phpmyadmin/4.0.10.8
- version/phpmyadmin phpmyadmin/4.0.10.9
- version/phpmyadmin phpmyadmin/4.0.10.10
- version/phpmyadmin phpmyadmin/4.0.10.11
- version/phpmyadmin phpmyadmin/4.0.10.12
- version/phpmyadmin phpmyadmin/4.4.0
- version/phpmyadmin phpmyadmin/4.4.1
- version/phpmyadmin phpmyadmin/4.4.1.1
- version/phpmyadmin phpmyadmin/4.4.2
- version/phpmyadmin phpmyadmin/4.4.3
- version/phpmyadmin phpmyadmin/4.4.4
- version/phpmyadmin phpmyadmin/4.4.5
- version/phpmyadmin phpmyadmin/4.4.6
- version/phpmyadmin phpmyadmin/4.4.6.1
- version/phpmyadmin phpmyadmin/4.4.7
- version/phpmyadmin phpmyadmin/4.4.8
- version/phpmyadmin phpmyadmin/4.4.9
- version/phpmyadmin phpmyadmin/4.4.10
- version/phpmyadmin phpmyadmin/4.4.11
- version/phpmyadmin phpmyadmin/4.4.12
- version/phpmyadmin phpmyadmin/4.4.13
- version/phpmyadmin phpmyadmin/4.4.13.1
- version/phpmyadmin phpmyadmin/4.4.14.1
- version/phpmyadmin phpmyadmin/4.4.15
- version/phpmyadmin phpmyadmin/4.4.15.1
- version/phpmyadmin phpmyadmin/4.4.15.2
- version/phpmyadmin phpmyadmin/4.4.15.3
- version/phpmyadmin phpmyadmin/4.5.0
- version/phpmyadmin phpmyadmin/4.5.0.1
- version/phpmyadmin phpmyadmin/4.5.0.2
- version/phpmyadmin phpmyadmin/4.5.1
- version/phpmyadmin phpmyadmin/4.5.2
- version/phpmyadmin phpmyadmin/4.5.3
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/23
- version/fedoraproject fedora/24