CVE-2016-2039
MEDIUM
phpMyAdmin <4.0.10.13, <4.4.15.3, <4.5.4 - CSRF
Title source: llm
Description
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
References (8)
Scores
CVSS v3
5.3
EPSS
0.0038
EPSS Percentile
59.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-200
Status
draft
Affected Products (50)
opensuse/leap
opensuse/opensuse
opensuse/opensuse
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
... and 35 more
Timeline
Published
Feb 20, 2016
Tracked Since
Feb 18, 2026