CVE-2016-2041

Published: Feb 20, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.

Affected (50)

Products: Fedoraproject: Fedora · Phpmyadmin: Phpmyadmin · Opensuse: Leap, Opensuse

1 product

1 product

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22
Fedoraproject Fedora	Version 23

Configuration B

45 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Version 4.0.0
Phpmyadmin Phpmyadmin	Version 4.0.0 rc2
Phpmyadmin Phpmyadmin	Version 4.0.0 rc3
Phpmyadmin Phpmyadmin	Version 4.0.10.10
Phpmyadmin Phpmyadmin	Version 4.0.10.11
Phpmyadmin Phpmyadmin	Version 4.0.10.12
Phpmyadmin Phpmyadmin	Version 4.0.10.1
Phpmyadmin Phpmyadmin	Version 4.0.10.2
Phpmyadmin Phpmyadmin	Version 4.0.10.3
Phpmyadmin Phpmyadmin	Version 4.0.10.4
Phpmyadmin Phpmyadmin	Version 4.0.10.5
Phpmyadmin Phpmyadmin	Version 4.0.10.6
Phpmyadmin Phpmyadmin	Version 4.0.10.7
Phpmyadmin Phpmyadmin	Version 4.0.10.8
Phpmyadmin Phpmyadmin	Version 4.0.10.9
Phpmyadmin Phpmyadmin	Version 4.0.10
Phpmyadmin Phpmyadmin	Version 4.0.1
Phpmyadmin Phpmyadmin	Version 4.4.0
Phpmyadmin Phpmyadmin	Version 4.4.1.1
Phpmyadmin Phpmyadmin	Version 4.4.10
Phpmyadmin Phpmyadmin	Version 4.4.11
Phpmyadmin Phpmyadmin	Version 4.4.12
Phpmyadmin Phpmyadmin	Version 4.4.13.1
Phpmyadmin Phpmyadmin	Version 4.4.13
Phpmyadmin Phpmyadmin	Version 4.4.14.1
Phpmyadmin Phpmyadmin	Version 4.4.15.1
Phpmyadmin Phpmyadmin	Version 4.4.15.2
Phpmyadmin Phpmyadmin	Version 4.4.15.3
Phpmyadmin Phpmyadmin	Version 4.4.15
Phpmyadmin Phpmyadmin	Version 4.4.1
Phpmyadmin Phpmyadmin	Version 4.4.2
Phpmyadmin Phpmyadmin	Version 4.4.3
Phpmyadmin Phpmyadmin	Version 4.4.4
Phpmyadmin Phpmyadmin	Version 4.4.5
Phpmyadmin Phpmyadmin	Version 4.4.6.1
Phpmyadmin Phpmyadmin	Version 4.4.6
Phpmyadmin Phpmyadmin	Version 4.4.7
Phpmyadmin Phpmyadmin	Version 4.4.8
Phpmyadmin Phpmyadmin	Version 4.4.9
Phpmyadmin Phpmyadmin	Version 4.5.0.1
Phpmyadmin Phpmyadmin	Version 4.5.0.2
Phpmyadmin Phpmyadmin	Version 4.5.0
Phpmyadmin Phpmyadmin	Version 4.5.1
Phpmyadmin Phpmyadmin	Version 4.5.2
Phpmyadmin Phpmyadmin	Version 4.5.3