|Date: (C)2008-12-16 (M)2017-11-18|| |
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 18.104.22.168 and 3.x before 22.214.171.124 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
|CVSS Score: 6.0||Access Vector: NETWORK|
|Exploit Score: 6.8||Access Complexity: MEDIUM|
|Impact Score: 6.4||Authentication: SINGLE_INSTANCE|
| ||Confidentiality: PARTIAL|
| ||Integrity: PARTIAL|
| ||Availability: PARTIAL|