{"id":"CVE-2016-4412","details":"An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.","modified":"2026-04-11T16:50:29.688434Z","published":"2016-12-11T02:59:09.030Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94519"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-32"},{"type":"FIX","url":"https://www.phpmyadmin.net/security/PMASA-2016-57"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpmyadmin/phpmyadmin","events":[{"introduced":"0"},{"last_affected":"6da64cc3b2ba4439574f914f51e161645375be96"},{"last_affected":"3df57a818917737d65e0e1c7cce80e9eb69e5e0b"},{"last_affected":"2189c875356fc1af21c6da32235bf24f60f53b96"},{"last_affected":"3c96596f7d897e048be4c2c85d941aadd6141ba9"},{"last_affected":"64c2b9a59c09e4a04be2238553c3fcfbc58b7949"},{"last_affected":"e0c1ed02a11b4ed46d82a31b7f95030854865add"},{"last_affected":"ad54449d105365dbbd39ae879306f1037fe238cd"},{"last_affected":"2fecc279f5d51e00a203cd400ace24b6053969a4"},{"last_affected":"21eda1c2c42d28370b91c99017dcee7eef9691fd"},{"last_affected":"b8f86592e900310f0b39d8e5270b26bebd0cfad8"},{"last_affected":"52b6cfde9f581ee6818db0e3f5d80db8c29dfa34"},{"last_affected":"c68478ad7d0523e42aa789ba24ea5f9018510047"},{"last_affected":"82161a6c30a9ac2502d822e29cfb66beae7eeb4c"},{"last_affected":"f86761326c97eb5e2c9cefa2b1871252357f00a0"},{"last_affected":"5e5261284190c6fe6985547fbd19d3345df14be1"},{"last_affected":"ceb7d7e1b2f8ab1e61710d0d061f10193a6c44c5"},{"last_affected":"5118938f103e0022329847b654fcd99c8cb37de7"},{"last_affected":"d0f7dc79905f4795d328a018772871f9f98957fc"},{"last_affected":"13a288d0da6e79b99acb9052bcf31b6650c624b5"},{"last_affected":"00828f9ccb1024fbcd528f41dfdf28fab918dfff"},{"last_affected":"5004dc40980b8dfe04c328abed85fde991833624"},{"last_affected":"a395665715a3f56db9692486d120fb1dc00bcc5d"},{"last_affected":"d81165f34555c5202d8150ae1d080834dd601d5b"},{"last_affected":"2694c36ef6e86de019196698a9de1953645fba97"},{"last_affected":"66149607b1b578bbedc0a90e3c000e8c410c7c8e"},{"last_affected":"16136ea0ef224ed22c3dffd629e3e147579f5f38"},{"last_affected":"f1668937772688de3bbd707cee23ef8653756f32"},{"last_affected":"b1cc43ee7f8607c80889570912c5a54b7409b4d1"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"4.0.0"},{"last_affected":"4.0.1"},{"last_affected":"4.0.2"},{"last_affected":"4.0.3"},{"last_affected":"4.0.4"},{"last_affected":"4.0.4.1"},{"last_affected":"4.0.4.2"},{"last_affected":"4.0.5"},{"last_affected":"4.0.6"},{"last_affected":"4.0.7"},{"last_affected":"4.0.8"},{"last_affected":"4.0.9"},{"last_affected":"4.0.10"},{"last_affected":"4.0.10.1"},{"last_affected":"4.0.10.2"},{"last_affected":"4.0.10.3"},{"last_affected":"4.0.10.4"},{"last_affected":"4.0.10.5"},{"last_affected":"4.0.10.6"},{"last_affected":"4.0.10.7"},{"last_affected":"4.0.10.8"},{"last_affected":"4.0.10.9"},{"last_affected":"4.0.10.10"},{"last_affected":"4.0.10.11"},{"last_affected":"4.0.10.12"},{"last_affected":"4.0.10.13"},{"last_affected":"4.0.10.14"},{"last_affected":"4.0.10.15"}],"source":"CPE_FIELD","cpe":["cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*","cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*"]}}],"versions":["RELEASE_2_2_0","RELEASE_2_2_1","RELEASE_2_2_2","RELEASE_2_2_3","RELEASE_2_2_4","RELEASE_2_2_5","RELEASE_2_2_6","RELEASE_2_2_7PL1","RELEASE_2_3_0","RELEASE_2_3_1","RELEASE_2_3_2","RELEASE_2_3_3PL1","RELEASE_2_4_0","RELEASE_2_5_0","RELEASE_2_5_1","RELEASE_2_5_2","RELEASE_2_5_4","RELEASE_2_5_5PL1","RELEASE_2_5_6","RELEASE_2_5_7PL1","RELEASE_2_6_1PL3","RELEASE_2_6_2PL1","RELEASE_2_6_3PL1","RELEASE_2_6_4PL4","RELEASE_2_7_0PL2","RELEASE_2_8_0_4","RELEASE_2_8_1","RELEASE_2_8_2_4","RELEASE_2_9_0","RELEASE_3_4_0RC2","RELEASE_3_5_0ALPHA1","RELEASE_4_0_0","RELEASE_4_0_0ALPHA2","RELEASE_4_0_0BETA3","RELEASE_4_0_0RC1","RELEASE_4_0_0RC2","RELEASE_4_0_0RC3","RELEASE_4_0_0RC4","RELEASE_4_0_1","RELEASE_4_0_10","RELEASE_4_0_10_1","RELEASE_4_0_10_10","RELEASE_4_0_10_11","RELEASE_4_0_10_12","RELEASE_4_0_10_13","RELEASE_4_0_10_14","RELEASE_4_0_10_15","RELEASE_4_0_10_2","RELEASE_4_0_10_3","RELEASE_4_0_10_4","RELEASE_4_0_10_5","RELEASE_4_0_10_6","RELEASE_4_0_10_7","RELEASE_4_0_10_8","RELEASE_4_0_10_9","RELEASE_4_0_1RC1","RELEASE_4_0_2","RELEASE_4_0_2RC1","RELEASE_4_0_3","RELEASE_4_0_3RC1","RELEASE_4_0_4","RELEASE_4_0_4RC1","RELEASE_4_0_4_1","RELEASE_4_0_4_2","RELEASE_4_0_5","RELEASE_4_0_5RC1","RELEASE_4_0_5RC2","RELEASE_4_0_6","RELEASE_4_0_6RC1","RELEASE_4_0_6RC2","RELEASE_4_0_7","RELEASE_4_0_7RC1","RELEASE_4_0_8","RELEASE_4_0_8RC1","RELEASE_4_0_9","RELEASE_4_0_9RC1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4412.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}