CVE-2008-3456

2008-08-0419:41:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-3456

phpmyadmin

cross-site framing

security vulnerability

nvd

6.2 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

CPENameOperatorVersion
phpmyadmin:phpmyadminphpmyadmineq2.11.4
phpmyadmin:phpmyadminphpmyadmineq2.1.1
phpmyadmin:phpmyadminphpmyadmineq2.11.1.2
phpmyadmin:phpmyadminphpmyadmineq2.1.2
phpmyadmin:phpmyadminphpmyadmineq2.11.5.1
phpmyadmin:phpmyadminphpmyadminle2.11.7.0
phpmyadmin:phpmyadminphpmyadmineq2.11.1
phpmyadmin:phpmyadminphpmyadmineq2.11.5.0
phpmyadmin:phpmyadminphpmyadmineq2.10.0.1
phpmyadmin:phpmyadminphpmyadmineq2.0.4

CPE	Name	Operator	Version
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.4
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.1.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.1.2
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.1.2
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.5.1
phpmyadmin:phpmyadmin	phpmyadmin	le	2.11.7.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.5.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.10.0.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.0.4