[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-3456Date: (C)2008-08-04   (M)2023-12-22


phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-30420
SECUNIA-31263
SECUNIA-31312
SECUNIA-32834
ADV-2008-2226
DSA-1641
FEDORA-2008-6810
FEDORA-2008-6868
MDVSA-2008:202
SUSE-SR:2008:026
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdf
phpmyadmin-multiple-weak-security(44050)

CPE    13
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2
cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0
...
CWE    1
CWE-59
OVAL    1
oval:org.mitre.oval:def:8155

© SecPod Technologies