Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-2206 - Vulnerability Database
phpMyAdmin

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-2206

Medium
Reference: CVE-2015-2206
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-2206
Title: phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9 4.2.x before 4.2.13.2 and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.