Bugzilla – Bug 982126
VUL-0: CVE-2016-5097: phpmyadmin: Sensitive Data in URL GET Query Parameters (PMASA-2016-14)
Last modified: 2016-05-30 07:27:45 UTC
https://www.phpmyadmin.net/security/PMASA-2016-14/

Announcement-ID: PMASA-2016-14
Date: 2016-05-25
Updated: 2016-05-26

Summary: Sensitive Data in URL GET Query Parameters

Description: Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attackers monitoring user GET query parameters or included in the webserver logs.

Mitigation: Avoid clicking on external links in phpMyAdmin which are not redirected through url.php script.

Affected Versions: All versions prior 4.6.2 are affected.

Solution: Upgrade to phpMyAdmin 4.6.2 or newer or apply patches listed below.

Assigned CVE ids: CVE-2016-5097
CWE ids: CWE-661

Patches
The following commits have been made on the 4.6 branch to fix this issue:
11eb574242d2526107366d367ab5585fbe29578f
5fc8020c5ba9cd2e38beb5dfe013faf2103cdf0f
8326aaebe54083d9726e153abdd303a141fe5ad3
59e56bd63a5e023b797d82eb272cd074e3b4bfd1
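To check whether an existing installation has already written user queries into web server logs, as the description above warns, the following added example (not part of the advisory or of phpMyAdmin's code) scans access-log lines for SQL carried in the request URL or the Referer field and shows how to scrub it. It assumes the combined log format and that the query travels in phpMyAdmin's `sql_query` GET parameter, a name the advisory itself does not state; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: phpMyAdmin passes the statement in this GET parameter.
SQL_PARAM = "sql_query"

# Constructed sample lines in combined log format (not taken from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [26/May/2016:10:01:02 +0000] "GET /phpmyadmin/sql.php?db=shop&sql_query=SELECT+*+FROM+users+WHERE+email%3D%27a%40example.com%27&token=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [26/May/2016:10:01:09 +0000] "POST /phpmyadmin/sql.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.7 - - [26/May/2016:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900 "https://pma.example.org/sql.php?sql_query=UPDATE+accounts+SET+pin%3D1234&db=bank" "Mozilla/5.0"
"""

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)


def find_exposed_queries(log_text, param=SQL_PARAM):
    """Return (line number, field, decoded SQL) for each query found in a URL."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        # The request target covers the server's own log; the Referer field
        # covers the copy a browser sends along when a link is followed.
        for field in ("target", "referer"):
            query = urlsplit(m.group(field)).query
            for value in parse_qs(query).get(param, []):
                hits.append((lineno, field, value))
    return hits


def redact(log_text, param=SQL_PARAM):
    """Replace the still-encoded parameter value so stored logs keep no SQL."""
    pattern = re.compile(r"(?<=[?&]" + re.escape(param) + r'=)[^&\s"]*')
    return pattern.sub("REDACTED", log_text)


if __name__ == "__main__":
    for lineno, field, sql in find_exposed_queries(SAMPLE_LOG):
        print(f"line {lineno} ({field}): {sql}")
```

The POST request on the second sample line produces no hit because its body is not logged, which is the difference between carrying the query in the URL and carrying it in the request body.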
This is an autogenerated message for OBS integration: This bug (982126) was mentioned in https://build.opensuse.org/request/show/398585 Factory / phpMyAdmin
As per changelog from 4.4.15.6 only PMASA-2016-16 was fixed. And now?
All done, resolving as fixed
see https://bugzilla.opensuse.org/show_bug.cgi?id=982128#c4