Lucene search

MitreCVE-2009-4605

HistoryJan 19, 2010 - 4:30 p.m.

CVE-2009-4605

2010-01-1916:30:00

mitre

web.nvd.nist.gov

cve-2009-4605

phpmyadmin

csrf

vulnerability

setup.php

unserialize

cross-site request forgery

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.11.0

phpmyadminphpmyadminMatch2.11.1.0

phpmyadminphpmyadminMatch2.11.1.1

phpmyadminphpmyadminMatch2.11.1.2

phpmyadminphpmyadminMatch2.11.2.0

phpmyadminphpmyadminMatch2.11.2.1

phpmyadminphpmyadminMatch2.11.2.2

phpmyadminphpmyadminMatch2.11.3.0

phpmyadminphpmyadminMatch2.11.4.0

phpmyadminphpmyadminMatch2.11.5.0

phpmyadminphpmyadminMatch2.11.5.1

phpmyadminphpmyadminMatch2.11.5.2

phpmyadminphpmyadminMatch2.11.6.0

phpmyadminphpmyadminMatch2.11.7.0

phpmyadminphpmyadminMatch2.11.7.1

phpmyadminphpmyadminMatch2.11.8.0

phpmyadminphpmyadminMatch2.11.9.0

phpmyadminphpmyadminMatch2.11.9.1

phpmyadminphpmyadminMatch2.11.9.2

phpmyadminphpmyadminMatch2.11.9.3

phpmyadminphpmyadminMatch2.11.9.4

phpmyadminphpmyadminMatch2.11.9.5

phpmyadminphpmyadminMatch2.11.9.6

VendorProductVersionCPE
phpmyadminphpmyadmin2.11.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.1.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.2.2cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.3.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.4.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.11.5.0cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.11.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:::::::*
phpmyadmin	phpmyadmin	2.11.1.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:::::::*
phpmyadmin	phpmyadmin	2.11.1.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:::::::*
phpmyadmin	phpmyadmin	2.11.1.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:::::::*
phpmyadmin	phpmyadmin	2.11.2.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:::::::*
phpmyadmin	phpmyadmin	2.11.2.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:::::::*
phpmyadmin	phpmyadmin	2.11.2.2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:::::::*
phpmyadmin	phpmyadmin	2.11.3.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:::::::*
phpmyadmin	phpmyadmin	2.11.4.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:::::::*
phpmyadmin	phpmyadmin	2.11.5.0	cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:::::::*