CVE-2016-2039
MEDIUM 5.3
EPSS 0.38%
phpmyadmin - security update
Published: 2/20/2016
Modified: 5/7/2026
Description
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
Affected packages (2)
- Debian/phpmyadmin from 0, < 4:4.5.4-1
- Debian/phpmyadmin from 0, < 4:3.3.7-11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |