CVE-2008-5621

2008-12-1700:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS

0.015

Percentile

87.1%

JSON

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before
2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform
unauthorized actions as the administrator via a link or IMG tag to
tbl_structure.php with a modified table parameter. NOTE: other unspecified
pages are also reachable, but they have the same root cause. NOTE: this
can be leveraged to conduct SQL injection attacks and execute arbitrary
code.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/306699>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchphpmyadmin< 4:2.11.3-1ubuntu1.2UNKNOWN
ubuntu8.10noarchphpmyadmin< 4:2.11.8.1-1ubuntu0.1UNKNOWN