phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.
{ "binaries": [ { "binary_version": "4:4.0.10-1ubuntu0.1+esm4", "binary_name": "phpmyadmin" } ] }
{ "binaries": [ { "binary_version": "4:4.5.4.1-2ubuntu2.1+esm6", "binary_name": "phpmyadmin" } ] }