phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpmyadmin | Phpmyadmin | 4.6.0 (including) | 4.6.0 (including) |
Phpmyadmin | Phpmyadmin | 4.6.0-alpha1 (including) | 4.6.0-alpha1 (including) |
Phpmyadmin | Phpmyadmin | 4.6.0-rc1 (including) | 4.6.0-rc1 (including) |
Phpmyadmin | Phpmyadmin | 4.6.0-rc2 (including) | 4.6.0-rc2 (including) |
Phpmyadmin | Phpmyadmin | 4.6.1 (including) | 4.6.1 (including) |
Phpmyadmin | Phpmyadmin | 4.6.2 (including) | 4.6.2 (including) |