Candidate: CVE-2016-5097
PublicDate: 2016-07-05 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5097
 https://www.phpmyadmin.net/security/PMASA-2016-14/
Description:
 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange
 for them to be stripped before external navigation, which allows remote
 attackers to obtain sensitive information by reading (1) HTTP requests or
 (2) server logs.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.2-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needs-triage)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: ignored (reached end-of-life)
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.2-1)
zesty_phpmyadmin: not-affected (4:4.6.2-1)
artful_phpmyadmin: not-affected (4:4.6.2-1)
bionic_phpmyadmin: not-affected (4:4.6.2-1)
cosmic_phpmyadmin: not-affected (4:4.6.2-1)
disco_phpmyadmin: not-affected (4:4.6.2-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.2-1)
groovy_phpmyadmin: not-affected (4:4.6.2-1)
hirsute_phpmyadmin: not-affected (4:4.6.2-1)
impish_phpmyadmin: not-affected (4:4.6.2-1)
jammy_phpmyadmin: not-affected (4:4.6.2-1)
devel_phpmyadmin: not-affected (4:4.6.2-1)