CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

  • Published: Feb 20, 2016
  • Updated: Apr 13, 2023
  • CVE: CVE-2016-2039
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| opensuse / leap | 42.1 | 42.1.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| opensuse / opensuse | 13.2 | 13.2.x |
| phpmyadmin / phpmyadmin | 4.0.0 | 4.0.0.x |
| phpmyadmin / phpmyadmin | 4.4.13.1 | 4.4.13.1.x |
| phpmyadmin / phpmyadmin | 4.4.6 | 4.4.6.x |
| phpmyadmin / phpmyadmin | 4.4.2 | 4.4.2.x |
| phpmyadmin / phpmyadmin | 4.4.1.1 | 4.4.1.1.x |
| phpmyadmin / phpmyadmin | 4.4.15 | 4.4.15.x |
| phpmyadmin / phpmyadmin | 4.4.6.1 | 4.4.6.1.x |
| phpmyadmin / phpmyadmin | 4.0.10.10 | 4.0.10.10.x |
| phpmyadmin / phpmyadmin | 4.4.0 | 4.4.0.x |
| phpmyadmin / phpmyadmin | 4.4.1 | 4.4.1.x |
| phpmyadmin / phpmyadmin | 4.4.11 | 4.4.11.x |
| phpmyadmin / phpmyadmin | 4.4.9 | 4.4.9.x |
| phpmyadmin / phpmyadmin | 4.0.10 | 4.0.10.x |
| phpmyadmin / phpmyadmin | 4.5.1 | 4.5.1.x |
| phpmyadmin / phpmyadmin | 4.0.10.4 | 4.0.10.4.x |
| phpmyadmin / phpmyadmin | 4.5.0.2 | 4.5.0.2.x |
| phpmyadmin / phpmyadmin | 4.4.8 | 4.4.8.x |
| phpmyadmin / phpmyadmin | 4.0.10.1 | 4.0.10.1.x |
| phpmyadmin / phpmyadmin | 4.5.2 | 4.5.2.x |
| phpmyadmin / phpmyadmin | 4.5.0 | 4.5.0.x |
| phpmyadmin / phpmyadmin | 4.0.10.9 | 4.0.10.9.x |
| phpmyadmin / phpmyadmin | 4.4.15.2 | 4.4.15.2.x |
| phpmyadmin / phpmyadmin | 4.4.7 | 4.4.7.x |
| phpmyadmin / phpmyadmin | 4.0.1 | 4.0.1.x |
| phpmyadmin / phpmyadmin | 4.0.10.7 | 4.0.10.7.x |
| phpmyadmin / phpmyadmin | 4.4.3 | 4.4.3.x |
| phpmyadmin / phpmyadmin | 4.4.12 | 4.4.12.x |
| phpmyadmin / phpmyadmin | 4.0.10.6 | 4.0.10.6.x |
| phpmyadmin / phpmyadmin | 4.0.10.3 | 4.0.10.3.x |
| phpmyadmin / phpmyadmin | 4.4.5 | 4.4.5.x |
| phpmyadmin / phpmyadmin | 4.0.0-rc2 | 4.0.0-rc2.x |
| phpmyadmin / phpmyadmin | 4.4.13 | 4.4.13.x |
| phpmyadmin / phpmyadmin | 4.0.10.11 | 4.0.10.11.x |
| phpmyadmin / phpmyadmin | 4.0.10.5 | 4.0.10.5.x |
| phpmyadmin / phpmyadmin | 4.5.3 | 4.5.3.x |
| phpmyadmin / phpmyadmin | 4.0.10.12 | 4.0.10.12.x |
| phpmyadmin / phpmyadmin | 4.4.15.3 | 4.4.15.3.x |
| phpmyadmin / phpmyadmin | 4.0.10.8 | 4.0.10.8.x |
| phpmyadmin / phpmyadmin | 4.4.10 | 4.4.10.x |
| phpmyadmin / phpmyadmin | 4.0.0-rc3 | 4.0.0-rc3.x |
| phpmyadmin / phpmyadmin | 4.4.15.1 | 4.4.15.1.x |
| phpmyadmin / phpmyadmin | 4.4.4 | 4.4.4.x |
| phpmyadmin / phpmyadmin | 4.5.0.1 | 4.5.0.1.x |
| phpmyadmin / phpmyadmin | 4.0.10.2 | 4.0.10.2.x |
| phpmyadmin / phpmyadmin | 4.4.14.1 | 4.4.14.1.x |
| fedoraproject / fedora | 24 | 24.x |
| fedoraproject / fedora | 23 | 23.x |