FKIE_CVE-2016-5739

Vulnerability from fkie_nvd - Published: 2016-07-03 01:59 - Updated: 2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3627
cve@mitre.orghttp://www.securityfocus.com/bid/91389
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05Patch
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cbPatch
cve@mitre.orghttps://security.gentoo.org/glsa/201701-32
cve@mitre.orghttps://www.phpmyadmin.net/security/PMASA-2016-28/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3627
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91389
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cbPatch
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201701-32
af854a3a-2127-422b-91ae-364da2661108https://www.phpmyadmin.net/security/PMASA-2016-28/Patch, Vendor Advisory
Impacted products
Vendor Product Version
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.15.5
phpmyadmin phpmyadmin 4.4.15.6
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.0
phpmyadmin phpmyadmin 4.6.1
phpmyadmin phpmyadmin 4.6.2
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.10
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.0.10.15
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD0228-728B-437A-84C1-BD7AFA52FFB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF55485-9892-4E7B-AEE0-017E61EAA7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6100FE3E-0A31-4B55-90F2-90AF765A8EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E06B1D3-29B4-45B7-B81F-C864AF579011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2E3923-0E2B-411A-B091-088E6FF050D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1848C748-804D-4FE4-AB9C-B1BF9E58A19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "12296322-DFAD-4B36-83EC-D01BF5DF7F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA321C14-C8F4-41FC-B601-2F646064ABBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DBCF86-0CE8-46C4-B2E7-E3224765CCFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF3DBC5-7020-48D0-ADEA-E71776DB2285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "317F952E-5F12-4ED3-8FA3-FC1106B50F85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B97F98-C0A7-4D9E-8333-7EE9EC456A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A1E753D-5653-4D7A-8E41-6C02511EBFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "417230C7-0EC2-49F4-B810-A8AE84A302AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "103FEAB1-194E-4CEF-935A-4DBCCA298205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5814003-9FF8-4F8E-9D90-A2BBB80B8451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D28B77-9353-4259-9299-30638A78CCD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C022292B-6E06-4328-842F-135A872D22AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F15F00FB-BB9B-4D54-B198-0A74D418B8DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC10AF20-7B65-4FAE-A2AD-783867D60A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED20D9-C571-4BC5-9A54-450A364C6E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C641F362-D37D-47CB-BE6C-36E5F116F844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A0EA8819-70F8-48DC-8667-6CF25E7D9C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DD2796DA-3E74-4765-90D1-783849C7A44C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4024DA77-BFE4-48C6-A2AF-46003071BDE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85631B69-7060-42D1-AE24-466BA10EB390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62EDC79-47AA-4CED-AB7F-1E4D158EB653",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F06DC95-76B1-4E24-A55F-1358A25ED0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA76CB4-6167-446A-8D4F-6D5B38046334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D28655-7F37-474D-A4E2-772AF24B94E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA1951E-BD85-42BF-BF7F-79A14D165914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D08BEE8-5ACF-438D-9F06-86C6227C9A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58DD0910-DBBA-4858-B9B1-FA93D08323D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50DA8EBE-52AA-45A5-A5FB-75AF84E415E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8D93A3-8997-4EB9-A411-74B296D1341F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0245AF2D-F856-4CAA-A830-36D43026D1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69E253E-157D-45BA-A977-079A49F74A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6325E2AE-BB86-4953-AA9E-0433C00B096E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C54B828-8B23-4C62-907E-8EE7E757B721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DD18C8-172B-41CD-87DD-58BDEC0D9418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10666E30-D98A-47A9-881A-B281066F0EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3993826B-CA66-4BC2-8E1B-06CF9230B214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "14928F51-761E-4FCA-B13C-A11530C7FC46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB761644-20F5-4E0D-B301-7809EAECA813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "896439D0-6C98-44A6-8C9D-0D57D57782D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "978B828C-1FCB-4386-B685-5BEE5A8A500C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A3261B-23BE-42D7-8A52-AE2E8C274A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B7EA51-27EC-4884-8D60-FB9477D2B91A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F85FEC-427E-487D-997E-7EE359475876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C825978-7E00-4C20-A806-0B968AA589AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "34986C36-1C93-4DA8-A4C2-0CB8B24BAD3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de Transformation en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 no usa el mecanismo de protecci\u00f3n no-referrer Content Security Policy (CSP), lo que facilita a atacantes remotos llevar a cabo ataques CSRF leyendo un token autenticado en una cabecera Referer, relacionado con libraries/Header.php."
    }
  ],
  "id": "CVE-2016-5739",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-03T01:59:25.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3627"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/91389"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201701-32"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.phpmyadmin.net/security/PMASA-2016-28/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/91389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da08e73fe340f05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2582a6fa620cb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201701-32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.phpmyadmin.net/security/PMASA-2016-28/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.