CVE-2016-5097

EPSS 0.55%
Published 05.07.2016 01:59:05
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Opensuse ≫ Opensuse Version13.1

Phpmyadmin ≫ Phpmyadmin Version <= 4.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.672

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://security.gentoo.org/glsa/201701-32

http://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html

http://www.securitytracker.com/id/1035978

https://github.com/phpmyadmin/phpmyadmin/commit/11eb574242d2526107366d367ab5585fbe29578f

Patch

https://github.com/phpmyadmin/phpmyadmin/commit/59e56bd63a5e023b797d82eb272cd074e3b4bfd1

Patch

https://github.com/phpmyadmin/phpmyadmin/commit/5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f

Patch

https://github.com/phpmyadmin/phpmyadmin/commit/8326aaebe54083d9726e153abdd303a141fe5ad3

Patch

https://www.phpmyadmin.net/security/PMASA-2016-14

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-5097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5097

EUVD