CVE-2016-5097 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-5097 Interim 1 7 2022-10-15T16:36:19Z current 2021-05-30T13:42:47Z 2022-10-15T16:36:19Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-5097 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-updates/2016-06/msg00043.html E-Mail link for openSUSE-SU-2016:1556-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed phpMyAdmin-4.6.5.2-1.1 phpMyAdmin-4.6.5.2-1.1 as a component of openSUSE Tumbleweed phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs. CVE-2016-5097 openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N