[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5621Date: (C)2008-12-16   (M)2023-12-22


Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-32720
SECUNIA-33076
SECUNIA-33146
SECUNIA-33246
SECUNIA-33822
SECUNIA-33912
SREASON-4753
OSVDB-50894
EXPLOIT-DB-7382
ADV-2008-3402
ADV-2008-3501
DSA-1723
FEDORA-2008-11221
GLSA-200903-32
SUSE-SR:2009:003
http://www.openwall.com/lists/oss-security/2009/02/12/1
http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
phpmyadmin-tblstructure-csrf(47168)

CPE    20
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2
cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0
...
CWE    1
CWE-352
OVAL    2
oval:org.mitre.oval:def:8145
oval:org.secpod.oval:def:600505

© SecPod Technologies