[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81059

 
 

123

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-5621Date: (C)2008-12-16   (M)2018-02-19


Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : CVSS Score  : 6.0
Exploit Score: Exploit Score: 6.8
Impact Score : Impact Score : 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: SINGLE_INSTANCE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  





Reference:
BID-32720
SECUNIA-33076
SECUNIA-33146
SECUNIA-33246
SECUNIA-33822
SECUNIA-33912
SREASON-4753
OSVDB-50894
EXPLOIT-DB-7382
ADV-2008-3402
ADV-2008-3501
DSA-1723
FEDORA-2008-11221
GLSA-200903-32
SUSE-SR:2009:003
http://www.openwall.com/lists/oss-security/2009/02/12/1
http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
phpmyadmin-tblstructure-csrf(47168)

CPE    20
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2
cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0
...
CWE    1
CWE-352
OVAL    2
oval:org.mitre.oval:def:8145
oval:org.secpod.oval:def:600505

© 2013 SecPod Technologies