libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.

Publish Date: 2015-03-09
Last Update Date: 2015-03-23

CVSS Scores & Vulnerability Types

CVSS Score: 5.0
Confidentiality Impact: Partial (There is considerable informational disclosure.)
Integrity Impact: None (There is no impact to the integrity of the system.)
Availability Impact: None (There is no impact to the availability of the system.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)