CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
86.1%
Announcement-ID: PMASA-2006-3
Date: 2006-05-20
XSRF vulnerabilities
It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite dangerous.
Some versions previous to 2.8.1 suffer from this vulnerability.
Upgrade to phpMyAdmin 2.8.1.
Assigned CVE ids: CVE-2006-1804
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.