Description

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 126.96.36.199, 4.2.x before 188.8.131.52, and 4.3.x before 184.108.40.206 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
SUSE Security Advisories:
- openSUSE-SU-2015:1191-1, published Sat, 4 Jul 2015 12:05:49 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed | | Patchnames: openSUSE Tumbleweed GA phpMyAdmin-220.127.116.11-1.1 |
SUSE Timeline for this CVE

CVE page created: Wed Mar 4 22:40:15 2015
CVE page last modified: Fri Oct 7 12:47:04 2022