Secunia
Login
|
|
CVE Reference: CVE-2006-5116 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-5116 |
|
|
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/29301 VIM http://attrition.org/pipermail/vim/2006-October/001067.html SUSE http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html SREASON http://securityreason.com/securityalert/1677 SAID Secunia Advisory: SA23086 Secunia Advisory: SA22126 Secunia Advisory: SA22781 MISC http://www.hardened-php.net/advisory_072006.130.html DEBIAN http://www.debian.org/security/2006/dsa-1207 CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5 http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447491/100/0/threaded BID 20253 |
|
| Return to the previous page. |
