CVE-2016-4412

Published on: 12/10/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:57 PM UTC

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Certain versions of phpMyAdmin contain the following vulnerability:

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.

  • CVE-2016-4412 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 4.4 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS2 Score: 3.6 - LOW

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

CVE References

  • phpMyAdmin: Multiple vulnerabilities (GLSA 201701-32) — Gentoo security. Link: security.gentoo.org (GENTOO GLSA-201701-32)
  • phpMyAdmin CVE-2016-4412 Open Redirection Vulnerability. Tags: Third Party Advisory, VDB Entry. Link: cve.report (archive) (BID 94519)
  • phpMyAdmin - Security - PMASA-2016-57. Tags: Patch, Vendor Advisory. Link: www.phpmyadmin.net (CONFIRM www.phpmyadmin.net/security/PMASA-2016-57)

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Phpmyadmin | Phpmyadmin | 4.0.0 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.1 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.1 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.10 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.11 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.12 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.13 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.14 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.15 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.2 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.3 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.4 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.5 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.6 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.7 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.8 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.10.9 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.2 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.3 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.4 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.4.1 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.4.2 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.5 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.6 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.7 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.8 | All | All | All
Application | Phpmyadmin | Phpmyadmin | 4.0.9 | All | All | All
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*: