Lucene search

MitreCVE-2008-5621

HistoryDec 17, 2008 - 2:30 a.m.

CVE-2008-5621

2008-12-1702:30:00

CWE-352

mitre

web.nvd.nist.gov

cve-2008-5621

cross-site request forgery

csrf vulnerability

phpmyadmin

remote attackers

unauthorized actions

sql injection

arbitrary code

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.7

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.11.0

phpmyadminphpmyadminMatch2.11.0.0

phpmyadminphpmyadminMatch2.11.1

phpmyadminphpmyadminMatch2.11.1.0

phpmyadminphpmyadminMatch2.11.1.1

phpmyadminphpmyadminMatch2.11.1.2

phpmyadminphpmyadminMatch2.11.2

phpmyadminphpmyadminMatch2.11.2.0

phpmyadminphpmyadminMatch2.11.2.1

phpmyadminphpmyadminMatch2.11.2.2

phpmyadminphpmyadminMatch2.11.3

phpmyadminphpmyadminMatch2.11.3.0

phpmyadminphpmyadminMatch2.11.4.0

phpmyadminphpmyadminMatch2.11.5.0

phpmyadminphpmyadminMatch2.11.5.1

phpmyadminphpmyadminMatch2.11.5.2

phpmyadminphpmyadminMatch2.11.6.0

phpmyadminphpmyadminMatch2.11.7

phpmyadminphpmyadminMatch2.11.7.0

phpmyadminphpmyadminMatch2.11.8

phpmyadminphpmyadminMatch2.11.9.0

phpmyadminphpmyadminMatch2.11.9.1

phpmyadminphpmyadminMatch2.11.9.2

phpmyadminphpmyadminMatch2.11.9.3

phpmyadminphpmyadminMatch3.0.0

phpmyadminphpmyadminMatch3.0.1

phpmyadminphpmyadminMatch3.1.0.0

VendorProductVersionCPE
phpmyadminphpmyadmin2.11.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.11.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:::::::*
phpmyadmin	phpmyadmin	2.11.0.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:::::::*
phpmyadmin	phpmyadmin	2.11.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:::::::*
phpmyadmin	phpmyadmin	2.11.1.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:::::::*
phpmyadmin	phpmyadmin	2.11.1.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:::::::*
phpmyadmin	phpmyadmin	2.11.1.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:::::::*
phpmyadmin	phpmyadmin	2.11.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:::::::*
phpmyadmin	phpmyadmin	2.11.2.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:::::::*
phpmyadmin	phpmyadmin	2.11.2.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:::::::*
phpmyadmin	phpmyadmin	2.11.2.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:::::::*