Base Score

LOW3.7

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.

VectorNETWORK

Published Bycve@mitre.org

Published DateJul 03, 2016, 01:59

Affected Versions(1)

phpmyadmin/phpmyadmin(Packagist)

Introduced4.6.0

Fixed4.6.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
phpmyadmin/phpmyadmin(Packagist)	4.6.0	4.6.3	N/A

Weakness Type (CWE):CWE-254

CVSS Metrics

Base Score

3.7

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Severity

LOW

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

LOW3.7

Weakness Type (CWE):CWE-254

CVSS Metrics

Base Score

3.7

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Base Severity

LOW

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE