CVE Reference: CVE-2008-5621
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-5621

Description:
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/47168

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

SREASON
  http://securityreason.com/securityalert/4753

SAID
  Secunia Advisory: SA33822
  Secunia Advisory: SA33146
  Secunia Advisory: SA33076
  Secunia Advisory: SA33246
  Secunia Advisory: SA33912

OSVDB
  50894

MLIST
  http://www.openwall.com/lists/oss-security/2009/02/12/1

MILW0RM
  http://www.milw0rm.com/exploits/7382

GENTOO
  http://security.gentoo.org/glsa/glsa-200903-32.xml

FEDORA

DEBIAN
  http://www.debian.org/security/2009/dsa-1723

CONFIRM
  http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
  http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/

BID
  32720

