[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4605Date: (C)2010-01-19   (M)2023-12-22


scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-38211
SECUNIA-39503
ADV-2010-0910
DSA-2034
SUSE-SR:2010:001
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php

CPE    23
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2
cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0
...
OVAL    2
oval:org.secpod.oval:def:600049
oval:org.mitre.oval:def:7290

© SecPod Technologies