Vulnerability Monitor

CVE-2016-5702


phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.


Published

2016-07-03T01:59:13.407

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 3.7 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-254

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | phpmyadmin | phpmyadmin | 4.6.0 | Yes |
| Application | phpmyadmin | phpmyadmin | 4.6.0 | Yes |
| Application | phpmyadmin | phpmyadmin | 4.6.0 | Yes |
| Application | phpmyadmin | phpmyadmin | 4.6.0 | Yes |
| Application | phpmyadmin | phpmyadmin | 4.6.1 | Yes |
| Application | phpmyadmin | phpmyadmin | 4.6.2 | Yes |

References