CVE-2015-2206 in phpMyAdmininfo

Summary

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

03/04/2015

Disclosure

03/09/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
74383phpMyAdmin Libraries select_lang.lib.php information disclosure200Not definedOfficial fixCVE-2015-2206

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!