← voltar
CVE-2016-2039

CVE-2016-2039

EPSS 2.5%
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00028.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00049.htmlhttps://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065ehttps://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813http://www.debian.org/security/2016/dsa-3627http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php