CVE-2016-5097: Infoleak
First published: Tue Jul 05 2016(Updated: )
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE openSUSE | =13.1 | |
| phpMyAdmin phpMyAdmin | <=4.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html
- http://www.securitytracker.com/id/1035978
- https://github.com/phpmyadmin/phpmyadmin/commit/11eb574242d2526107366d367ab5585fbe29578f
- https://github.com/phpmyadmin/phpmyadmin/commit/59e56bd63a5e023b797d82eb272cd074e3b4bfd1
- https://github.com/phpmyadmin/phpmyadmin/commit/5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f
- https://github.com/phpmyadmin/phpmyadmin/commit/8326aaebe54083d9726e153abdd303a141fe5ad3
- https://security.gentoo.org/glsa/201701-32
- https://www.phpmyadmin.net/security/PMASA-2016-14
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- vendor/phpmyadmin
- canonical/phpmyadmin phpmyadmin
- version/phpmyadmin phpmyadmin/4.6.1