CVE-2016-5097

EPSS 0.55%
Veröffentlicht 05.07.2016 01:59:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version13.1

Phpmyadmin ≫ Phpmyadmin Version <= 4.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.672

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://security.gentoo.org/glsa/201701-32

http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html

http://www.securitytracker.com/id/1035978

https://github.com/phpmyadmin/phpmyadmin/commit/11eb574242d2526107366d367ab5585fbe29578f

Patch

https://github.com/phpmyadmin/phpmyadmin/commit/59e56bd63a5e023b797d82eb272cd074e3b4bfd1

Patch

https://github.com/phpmyadmin/phpmyadmin/commit/5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f

Patch

https://github.com/phpmyadmin/phpmyadmin/commit/8326aaebe54083d9726e153abdd303a141fe5ad3

Patch

https://www.phpmyadmin.net/security/PMASA-2016-14

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-5097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5097

EUVD