CVE-2016-5702 | SynScan

Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.

Published: Jul 3, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-5702
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
phpmyadmin / phpmyadmin	4.6.1	4.6.1.x
phpmyadmin / phpmyadmin	4.6.0-rc2	4.6.0-rc2.x
phpmyadmin / phpmyadmin	4.6.0	4.6.0.x
phpmyadmin / phpmyadmin	4.6.2	4.6.2.x
phpmyadmin / phpmyadmin	4.6.0-rc1	4.6.0-rc1.x
phpmyadmin / phpmyadmin	4.6.0-alpha1	4.6.0-alpha1.x