CVE-2016-2039 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-2039 Interim 1 9 2023-12-08T01:58:15Z current 2021-05-30T13:38:57Z 2023-12-08T01:58:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-2039 libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed phpMyAdmin-4.6.5.2-1.1 phpMyAdmin-4.6.5.2-1.1 as a component of openSUSE Tumbleweed libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. CVE-2016-2039 openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N