CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
66.4%
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross-Site Request
Forgery (CSRF) attacks by using crafted cookies.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | phpmyadmin | < 4:2.8.0.3-1ubuntu0.1 | UNKNOWN |
ubuntu | 6.10 | noarch | phpmyadmin | < 4:2.8.2-0.2ubuntu0.1 | UNKNOWN |
ubuntu | 7.04 | noarch | phpmyadmin | < 4:2.9.1.1-2ubuntu1.2 | UNKNOWN |
ubuntu | 7.10 | noarch | phpmyadmin | < 4:2.10.3-1ubuntu0.2 | UNKNOWN |