CVE-2016-2039
CVE-2016-2039
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00028.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00049.htmlhttps://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065ehttps://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813http://www.debian.org/security/2016/dsa-3627http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php