CVE-2016-5739

Published: Jul 3, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.

Affected (62)

Products: Opensuse: Leap, Opensuse · Phpmyadmin: Phpmyadmin

2 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration B

25 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Version 4.4.0
Phpmyadmin Phpmyadmin	Version 4.4.1.1
Phpmyadmin Phpmyadmin	Version 4.4.10
Phpmyadmin Phpmyadmin	Version 4.4.11
Phpmyadmin Phpmyadmin	Version 4.4.12
Phpmyadmin Phpmyadmin	Version 4.4.13.1
Phpmyadmin Phpmyadmin	Version 4.4.13
Phpmyadmin Phpmyadmin	Version 4.4.14.1
Phpmyadmin Phpmyadmin	Version 4.4.15.1
Phpmyadmin Phpmyadmin	Version 4.4.15.2
Phpmyadmin Phpmyadmin	Version 4.4.15.3
Phpmyadmin Phpmyadmin	Version 4.4.15.4
Phpmyadmin Phpmyadmin	Version 4.4.15.5
Phpmyadmin Phpmyadmin	Version 4.4.15.6
Phpmyadmin Phpmyadmin	Version 4.4.15
Phpmyadmin Phpmyadmin	Version 4.4.1
Phpmyadmin Phpmyadmin	Version 4.4.2
Phpmyadmin Phpmyadmin	Version 4.4.3
Phpmyadmin Phpmyadmin	Version 4.4.4
Phpmyadmin Phpmyadmin	Version 4.4.5
Phpmyadmin Phpmyadmin	Version 4.4.6.1
Phpmyadmin Phpmyadmin	Version 4.4.6
Phpmyadmin Phpmyadmin	Version 4.4.7
Phpmyadmin Phpmyadmin	Version 4.4.8
Phpmyadmin Phpmyadmin	Version 4.4.9

Configuration C

6 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Version 4.6.0
Phpmyadmin Phpmyadmin	Version 4.6.0 alpha1
Phpmyadmin Phpmyadmin	Version 4.6.0 rc1
Phpmyadmin Phpmyadmin	Version 4.6.0 rc2
Phpmyadmin Phpmyadmin	Version 4.6.1
Phpmyadmin Phpmyadmin	Version 4.6.2

Configuration D

28 vulnerable

Vulnerable Software	Affected Versions
Phpmyadmin Phpmyadmin	Version 4.0.0
Phpmyadmin Phpmyadmin	Version 4.0.10.10
Phpmyadmin Phpmyadmin	Version 4.0.10.11
Phpmyadmin Phpmyadmin	Version 4.0.10.12
Phpmyadmin Phpmyadmin	Version 4.0.10.13
Phpmyadmin Phpmyadmin	Version 4.0.10.14
Phpmyadmin Phpmyadmin	Version 4.0.10.15
Phpmyadmin Phpmyadmin	Version 4.0.10.1
Phpmyadmin Phpmyadmin	Version 4.0.10.2
Phpmyadmin Phpmyadmin	Version 4.0.10.3
Phpmyadmin Phpmyadmin	Version 4.0.10.4
Phpmyadmin Phpmyadmin	Version 4.0.10.5
Phpmyadmin Phpmyadmin	Version 4.0.10.6
Phpmyadmin Phpmyadmin	Version 4.0.10.7
Phpmyadmin Phpmyadmin	Version 4.0.10.8
Phpmyadmin Phpmyadmin	Version 4.0.10.9
Phpmyadmin Phpmyadmin	Version 4.0.10
Phpmyadmin Phpmyadmin	Version 4.0.1
Phpmyadmin Phpmyadmin	Version 4.0.2
Phpmyadmin Phpmyadmin	Version 4.0.3
Phpmyadmin Phpmyadmin	Version 4.0.4.1
Phpmyadmin Phpmyadmin	Version 4.0.4.2
Phpmyadmin Phpmyadmin	Version 4.0.4
Phpmyadmin Phpmyadmin	Version 4.0.5
Phpmyadmin Phpmyadmin	Version 4.0.6
Phpmyadmin Phpmyadmin	Version 4.0.7
Phpmyadmin Phpmyadmin	Version 4.0.8
Phpmyadmin Phpmyadmin	Version 4.0.9