phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.
{ "nvd_published_at": "2016-07-03T01:59:00Z", "cwe_ids": [], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2023-07-31T19:55:43Z" }