Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2016-9866 - Vulnerability Database
phpMyAdmin

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2016-9866

Critical
Reference: CVE-2016-9866
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-9866
Title: phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

An issue was discovered in phpMyAdmin. When the arg_separator is different from its default amp value the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5) 4.4.x versions (prior to 4.4.15.9) and 4.0.x versions (prior to 4.0.10.18) are affected.