[Forgot Password]
Login  Register Subscribe

23631

 
 

115036

 
 

95906

 
 

909

 
 

77949

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5621

Date: (C)2008-12-16   (M)2017-10-04
 
CVSS Score: 6.0Access Vector: NETWORK
Exploitability Subscore: 6.8Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

Reference:
BID-32720
SECUNIA-33076
SECUNIA-33146
SECUNIA-33246
SECUNIA-33822
SECUNIA-33912
SREASON-4753
OSVDB-50894
EXPLOIT-DB-7382
ADV-2008-3402
ADV-2008-3501
DSA-1723
FEDORA-2008-11221
GLSA-200903-32
SUSE-SR:2009:003
http://www.openwall.com/lists/oss-security/2009/02/12/1
http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
phpmyadmin-tblstructure-csrf(47168)

CPE    20
cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0
cpe:/a:phpmyadmin:phpmyadmin:3.0.0
cpe:/a:phpmyadmin:phpmyadmin:3.0.1
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
...
CWE    1
CWE-352
OVAL    2
oval:org.mitre.oval:def:8145
oval:org.secpod.oval:def:600505

© 2013 SecPod Technologies