FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Risk of BREACH attack due to reflected parameter

Affected packages
4.3.0 <= phpMyAdmin <


VuXML ID 81b4c118-c586-11e4-8495-6805ca0b3d42
Discovery 2015-03-04
Entry 2015-03-08

The phpMyAdmin development team reports:

Risk of BREACH attack due to reflected parameter.

With a large number of crafted requests it was possible to infer the CSRF token by a BREACH attack.

Mitigation factor: this vulnerability can only be exploited in the presence of another vulnerability that allows the attacker to inject JavaScript into victim's browser.


CVE Name CVE-2015-2206