CVE-2016-2039

libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.

Published: Feb 20, 2016
Updated: Nov 9, 2025
CVE: CVE-2016-2039
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
opensuse / leap	42.1	42.1.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x
phpmyadmin / phpmyadmin	4.0.0	4.0.0.x
phpmyadmin / phpmyadmin	4.4.13.1	4.4.13.1.x
phpmyadmin / phpmyadmin	4.4.6	4.4.6.x
phpmyadmin / phpmyadmin	4.4.2	4.4.2.x
phpmyadmin / phpmyadmin	4.4.1.1	4.4.1.1.x
phpmyadmin / phpmyadmin	4.4.15	4.4.15.x
phpmyadmin / phpmyadmin	4.4.6.1	4.4.6.1.x
phpmyadmin / phpmyadmin	4.0.10.10	4.0.10.10.x
phpmyadmin / phpmyadmin	4.4.0	4.4.0.x
phpmyadmin / phpmyadmin	4.4.1	4.4.1.x
phpmyadmin / phpmyadmin	4.4.11	4.4.11.x
phpmyadmin / phpmyadmin	4.4.9	4.4.9.x
phpmyadmin / phpmyadmin	4.0.10	4.0.10.x
phpmyadmin / phpmyadmin	4.5.1	4.5.1.x
phpmyadmin / phpmyadmin	4.0.10.4	4.0.10.4.x
phpmyadmin / phpmyadmin	4.5.0.2	4.5.0.2.x
phpmyadmin / phpmyadmin	4.4.8	4.4.8.x
phpmyadmin / phpmyadmin	4.0.10.1	4.0.10.1.x
phpmyadmin / phpmyadmin	4.5.2	4.5.2.x
phpmyadmin / phpmyadmin	4.5.0	4.5.0.x
phpmyadmin / phpmyadmin	4.0.10.9	4.0.10.9.x
phpmyadmin / phpmyadmin	4.4.15.2	4.4.15.2.x
phpmyadmin / phpmyadmin	4.4.7	4.4.7.x
phpmyadmin / phpmyadmin	4.0.1	4.0.1.x
phpmyadmin / phpmyadmin	4.0.10.7	4.0.10.7.x
phpmyadmin / phpmyadmin	4.4.3	4.4.3.x
phpmyadmin / phpmyadmin	4.4.12	4.4.12.x
phpmyadmin / phpmyadmin	4.0.10.6	4.0.10.6.x
phpmyadmin / phpmyadmin	4.0.10.3	4.0.10.3.x
phpmyadmin / phpmyadmin	4.4.5	4.4.5.x
phpmyadmin / phpmyadmin	4.0.0-rc2	4.0.0-rc2.x
phpmyadmin / phpmyadmin	4.4.13	4.4.13.x
phpmyadmin / phpmyadmin	4.0.10.11	4.0.10.11.x
phpmyadmin / phpmyadmin	4.0.10.5	4.0.10.5.x
phpmyadmin / phpmyadmin	4.5.3	4.5.3.x
phpmyadmin / phpmyadmin	4.0.10.12	4.0.10.12.x
phpmyadmin / phpmyadmin	4.4.15.3	4.4.15.3.x
phpmyadmin / phpmyadmin	4.0.10.8	4.0.10.8.x
phpmyadmin / phpmyadmin	4.4.10	4.4.10.x
phpmyadmin / phpmyadmin	4.0.0-rc3	4.0.0-rc3.x
phpmyadmin / phpmyadmin	4.4.15.1	4.4.15.1.x
phpmyadmin / phpmyadmin	4.4.4	4.4.4.x
phpmyadmin / phpmyadmin	4.5.0.1	4.5.0.1.x
phpmyadmin / phpmyadmin	4.0.10.2	4.0.10.2.x
phpmyadmin / phpmyadmin	4.4.14.1	4.4.14.1.x
fedoraproject / fedora	24	24.x
fedoraproject / fedora	23	23.x

Vulnerability Database

308,926

CVE-2016-2039

Deep Security Visibility Without the Complexity