Published: 01/03/2016 Updated: 03/12/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x prior to 4.0.10.15, 4.4.x prior to 4.4.15.5, and 4.5.x prior to 4.5.5.1 allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 4.5.3
phpmyadmin phpmyadmin 4.5.2
phpmyadmin phpmyadmin 4.5.0
phpmyadmin phpmyadmin 4.4.14
phpmyadmin phpmyadmin 4.4.4
phpmyadmin phpmyadmin 4.4.3
phpmyadmin phpmyadmin 4.4.13.1
phpmyadmin phpmyadmin 4.4.13
phpmyadmin phpmyadmin 4.0.10.14
phpmyadmin phpmyadmin 4.0.10.13
phpmyadmin phpmyadmin 4.0.9
phpmyadmin phpmyadmin 4.0.4
phpmyadmin phpmyadmin 4.0.3
phpmyadmin phpmyadmin 4.0.10.4
phpmyadmin phpmyadmin 4.0.10.3
phpmyadmin phpmyadmin 4.0.1
phpmyadmin phpmyadmin 4.0.0
phpmyadmin phpmyadmin 4.5.5
phpmyadmin phpmyadmin 4.5.4.1
phpmyadmin phpmyadmin 4.5.0.1
phpmyadmin phpmyadmin 4.4.7
phpmyadmin phpmyadmin 4.4.6.1
phpmyadmin phpmyadmin 4.4.15.2
phpmyadmin phpmyadmin 4.4.15.1
phpmyadmin phpmyadmin 4.4.10
phpmyadmin phpmyadmin 4.4.1.1
phpmyadmin phpmyadmin 4.0.6
phpmyadmin phpmyadmin 4.0.5
phpmyadmin phpmyadmin 4.0.10.8
phpmyadmin phpmyadmin 4.0.10.7
phpmyadmin phpmyadmin 4.0.10.11
phpmyadmin phpmyadmin 4.0.10.10
phpmyadmin phpmyadmin 4.5.1
phpmyadmin phpmyadmin 4.5.0.2
phpmyadmin phpmyadmin 4.4.15.4
phpmyadmin phpmyadmin 4.4.9
phpmyadmin phpmyadmin 4.4.8
phpmyadmin phpmyadmin 4.4.2
phpmyadmin phpmyadmin 4.4.15.3
phpmyadmin phpmyadmin 4.4.12
phpmyadmin phpmyadmin 4.4.11
phpmyadmin phpmyadmin 4.0.8
phpmyadmin phpmyadmin 4.0.7
phpmyadmin phpmyadmin 4.0.2
phpmyadmin phpmyadmin 4.0.10.9
phpmyadmin phpmyadmin 4.0.10.2
phpmyadmin phpmyadmin 4.0.10.12
phpmyadmin phpmyadmin 4.5.4
phpmyadmin phpmyadmin 4.5.3.1
phpmyadmin phpmyadmin 4.4.6
phpmyadmin phpmyadmin 4.4.5
phpmyadmin phpmyadmin 4.4.15
phpmyadmin phpmyadmin 4.4.14.1
phpmyadmin phpmyadmin 4.4.1
phpmyadmin phpmyadmin 4.4.0
phpmyadmin phpmyadmin 4.0.4.2
phpmyadmin phpmyadmin 4.0.4.1
phpmyadmin phpmyadmin 4.0.10.6
phpmyadmin phpmyadmin 4.0.10.5
phpmyadmin phpmyadmin 4.0.10.1
phpmyadmin phpmyadmin 4.0.10

Several vulnerabilities have been fixed in phpMyAdmin, the web-based MySQL administration interface CVE-2016-1927 The suggestPassword function relied on a non-secure random number generator which makes it easier for remote attackers to guess generated passwords via a brute-force approach CVE-2016-2039 CSRF token values were gener ...

CWE-79 https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32 https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4 https://www.phpmyadmin.net/security/PMASA-2016-11/https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078 http://www.debian.org/security/2016/dsa-3627 http://lists.opensuse.org/opensuse-updates/2016-03/msg00018.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178562.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00020.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178869.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3627

CVE-2016-2560

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect