CVE-2016-2039
CVE-2016-2039
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00028.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00049.htmlhttps://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065ehttps://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813http://www.debian.org/security/2016/dsa-3627http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php