CVE-2016-4412
phpmyadmin - security update
CVSS 3.1 score: 4.4 (MEDIUM)
EPSS: 0.24%
Description
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.
How to fix CVE-2016-4412
To remediate CVE-2016-4412, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 4:4.1.7-1 or later
- upgrade to 4:3.4.11.1-2+deb7u7 or later
Is CVE-2016-4412 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4:4.1.7-1
- from 0, < 4:3.4.11.1-2+deb7u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.4 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N |