4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.012 Low
EPSS
Percentile
85.2%
The phpMyAdmin development team reports:
Summary
CSRF vulnerability in login form
Description
A vulnerability was found that allows an attacker to
trigger a CSRF attack against a phpMyAdmin user. The
attacker can trick the user, for instance through a broken
<img> tag pointing at the victim’s
phpMyAdmin database, and the attacker can potentially
deliver a payload (such as a specific INSERT or DELETE
statement) through the victim.
Severity
We consider this vulnerability to be severe.
Mitigation factor Only the ‘cookie’
auth_type is affected; users can temporary use
phpMyAdmin’s http authentication as a workaround.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | < 4.9.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin-php56 | < 4.9.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin-php70 | < 4.9.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin-php71 | < 4.9.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin-php72 | < 4.9.0 | UNKNOWN |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.012 Low
EPSS
Percentile
85.2%