7PK - Security Features

CVE-2016-4412

Medium

4.4/10

Summary

An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-254 - Security Features

Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.

References

Advisory

Advisory Timeline

Published Dec 10, 2016

7PK - Security Features

CVE-2016-4412

Summary

CWE-254 - Security Features

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS