Lucene search

K
cveMitreCVE-2015-3902
HistoryMay 26, 2015 - 3:59 p.m.

CVE-2015-3902

2015-05-2615:59:10
CWE-352
mitre
web.nvd.nist.gov
52
cve-2015-3902
csrf
phpmyadmin
setup process
vulnerabilities
hijack authentication
administrators
configuration file.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

70.1%

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.

Affected configurations

Nvd
Node
phpmyadminphpmyadminMatch4.0.0
OR
phpmyadminphpmyadminMatch4.0.0rc2
OR
phpmyadminphpmyadminMatch4.0.0rc3
OR
phpmyadminphpmyadminMatch4.0.1
OR
phpmyadminphpmyadminMatch4.0.2
OR
phpmyadminphpmyadminMatch4.0.3
OR
phpmyadminphpmyadminMatch4.0.4
OR
phpmyadminphpmyadminMatch4.0.4.1
OR
phpmyadminphpmyadminMatch4.0.4.2
OR
phpmyadminphpmyadminMatch4.0.5
OR
phpmyadminphpmyadminMatch4.0.6
OR
phpmyadminphpmyadminMatch4.0.7
OR
phpmyadminphpmyadminMatch4.0.8
OR
phpmyadminphpmyadminMatch4.0.9
OR
phpmyadminphpmyadminMatch4.0.10
OR
phpmyadminphpmyadminMatch4.0.10.2
OR
phpmyadminphpmyadminMatch4.0.10.5
OR
phpmyadminphpmyadminMatch4.0.10.6
OR
phpmyadminphpmyadminMatch4.0.10.7
OR
phpmyadminphpmyadminMatch4.0.10.8
OR
phpmyadminphpmyadminMatch4.0.10.9
OR
phpmyadminphpmyadminMatch4.2.0
OR
phpmyadminphpmyadminMatch4.2.1
OR
phpmyadminphpmyadminMatch4.2.2
OR
phpmyadminphpmyadminMatch4.2.3
OR
phpmyadminphpmyadminMatch4.2.4
OR
phpmyadminphpmyadminMatch4.2.5
OR
phpmyadminphpmyadminMatch4.2.7
OR
phpmyadminphpmyadminMatch4.2.7.1
OR
phpmyadminphpmyadminMatch4.2.9.1
OR
phpmyadminphpmyadminMatch4.2.10.1
OR
phpmyadminphpmyadminMatch4.2.11
OR
phpmyadminphpmyadminMatch4.2.12
OR
phpmyadminphpmyadminMatch4.2.13.1
OR
phpmyadminphpmyadminMatch4.2.13.2
OR
phpmyadminphpmyadminMatch4.3.0
OR
phpmyadminphpmyadminMatch4.3.1
OR
phpmyadminphpmyadminMatch4.3.2
OR
phpmyadminphpmyadminMatch4.3.3
OR
phpmyadminphpmyadminMatch4.3.4
OR
phpmyadminphpmyadminMatch4.3.5
OR
phpmyadminphpmyadminMatch4.3.6
OR
phpmyadminphpmyadminMatch4.3.7
OR
phpmyadminphpmyadminMatch4.3.8
OR
phpmyadminphpmyadminMatch4.3.9
OR
phpmyadminphpmyadminMatch4.3.10
OR
phpmyadminphpmyadminMatch4.3.11
OR
phpmyadminphpmyadminMatch4.3.12
OR
phpmyadminphpmyadminMatch4.3.13
OR
phpmyadminphpmyadminMatch4.4.0
OR
phpmyadminphpmyadminMatch4.4.1
OR
phpmyadminphpmyadminMatch4.4.1.1
OR
phpmyadminphpmyadminMatch4.4.3
OR
phpmyadminphpmyadminMatch4.4.4
OR
phpmyadminphpmyadminMatch4.4.5
OR
phpmyadminphpmyadminMatch4.4.6
VendorProductVersionCPE
phpmyadminphpmyadmin4.0.10.7cpe:/a:phpmyadmin:phpmyadmin:4.0.10.7:::
phpmyadminphpmyadmin4.4.6cpe:/a:phpmyadmin:phpmyadmin:4.4.6:::
phpmyadminphpmyadmin4.2.11cpe:/a:phpmyadmin:phpmyadmin:4.2.11:::
phpmyadminphpmyadmin4.0.10.8cpe:/a:phpmyadmin:phpmyadmin:4.0.10.8:::
phpmyadminphpmyadmin4.2.7.1cpe:/a:phpmyadmin:phpmyadmin:4.2.7.1:::
phpmyadminphpmyadmin4.0.2cpe:/a:phpmyadmin:phpmyadmin:4.0.2:::
phpmyadminphpmyadmin4.3.13cpe:/a:phpmyadmin:phpmyadmin:4.3.13:::
phpmyadminphpmyadmin4.0.0cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc3::
phpmyadminphpmyadmin4.0.7cpe:/a:phpmyadmin:phpmyadmin:4.0.7:::
phpmyadminphpmyadmin4.0.10.5cpe:/a:phpmyadmin:phpmyadmin:4.0.10.5:::
Rows per page:
1-10 of 561

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

70.1%