PT-2016-7859 · Phpmyadmin+3 · Phpmyadmin+3

E3Amn2L

+1

·

Publicado

2014-05-05

·

Atualizado

2024-06-15

·

CVE-2016-9866

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 4.0.x prior to 4.0.10.18 phpMyAdmin versions 4.4.x prior to 4.4.15.9 phpMyAdmin versions 4.6.x prior to 4.6.5
Description An issue was discovered in phpMyAdmin. When the arg separator is different from its default '&' value, the CSRF token was not properly stripped from the return URL of the preference import action.
Recommendations For versions 4.0.x prior to 4.0.10.18, update to version 4.0.10.18 or later. For versions 4.4.x prior to 4.4.15.9, update to version 4.4.15.9 or later. For versions 4.6.x prior to 4.6.5, update to version 4.6.5 or later.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

ALT-PU-2014-1591
ALT-PU-2016-2421
CVE-2016-9866
GHSA-JVXX-8XXF-5495
MGASA-2016-0416
OPENSUSE-SU-2024:10054-1
USN-4843-1

Produtos afetados

Alt Linux
Linuxmint
Ubuntu
Phpmyadmin