Lucene search

GitHub Advisory DatabaseGHSA-R2VW-P77F-VC27

HistoryMay 17, 2022 - 2:36 a.m.

phpMyAdmin Bypass logout timeout

2022-05-1702:36:38

CWE-384

GitHub Advisory Database

github.com

phpmyadmin

logout bypass

security issue

version 4.4.x

version 4.6.x

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

Low

EPSS

0.003

Percentile

67.8%

JSON

An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange4.4–4.4.15.9

phpmyadminphpmyadminRange4.6–4.6.5

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

www.securityfocus.com/bid/94534

github.com/advisories/GHSA-r2vw-p77f-vc27

nvd.nist.gov/vuln/detail/CVE-2016-9851

security.gentoo.org/glsa/201701-32

www.phpmyadmin.net/security/PMASA-2016-62

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

Low

EPSS

0.003

Percentile

67.8%

JSON

Related for GHSA-R2VW-P77F-VC27