Security Features in phpMyAdmin - CVE-2016-4412

 


Published: December 11, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU39978
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4412
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: phpMyAdmin
Affected software: phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.


How to mitigate CVE-2016-4412

Install the update from the vendor's website.
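To decide which installations need the update, a version inventory can be checked against the affected range stated above (4.0.x prior to 4.0.10.16). The following is an added example, not part of the original advisory or of phpMyAdmin; the host names and inventory are constructed, and versions outside 4.0.x are reported as not listed here rather than judged.

```python
import re

# Range as stated in the advisory text: 4.0.x prior to 4.0.10.16.
AFFECTED_BRANCH = (4, 0)
FIRST_FIXED = (4, 0, 10, 16)
PRERELEASE = re.compile(r"alpha|beta|rc|dev", re.IGNORECASE)

def parse_version(raw):
    """Return a 4-part version tuple, or None when the string cannot be trusted.

    Packaging suffixes such as "-1ubuntu1" are ignored; pre-release tags are
    rejected because they do not order cleanly against the fixed release.
    """
    match = re.match(r"\s*v?(\d+(?:\.\d+){1,3})(.*)", raw)
    if not match or PRERELEASE.search(match.group(2)):
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (4 - len(parts))  # "4.0.10" compares as 4.0.10.0

def classify(raw):
    """Return 'affected', 'fixed', 'not-listed' or 'needs-review'."""
    version = parse_version(raw)
    if version is None:
        return "needs-review"
    if version[:2] != AFFECTED_BRANCH:
        # The advisory text names only the 4.0.x branch; do not guess beyond it.
        return "not-listed"
    return "affected" if version < FIRST_FIXED else "fixed"

def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-admin-01": "4.0.10.15",
    "db-admin-02": "4.0.10.16",
    "db-admin-03": "4.0.10.15-1ubuntu1",
    "db-admin-04": "4.6.2",
    "db-admin-05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Distribution packages can carry a backported fix under an older upstream version number, so an "affected" result for a packaged install is a prompt to check the package changelog.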
