Lucene search
HistoryMay 26, 2015 - 3:59 p.m.
CVE-2015-3902
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.003
Percentile
70.1%
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.
Affected configurations
Node
phpmyadminphpmyadminMatch4.0.0
ORphpmyadminphpmyadminMatch4.0.0rc2
ORphpmyadminphpmyadminMatch4.0.0rc3
ORphpmyadminphpmyadminMatch4.0.1
ORphpmyadminphpmyadminMatch4.0.2
ORphpmyadminphpmyadminMatch4.0.3
ORphpmyadminphpmyadminMatch4.0.4
ORphpmyadminphpmyadminMatch4.0.4.1
ORphpmyadminphpmyadminMatch4.0.4.2
ORphpmyadminphpmyadminMatch4.0.5
ORphpmyadminphpmyadminMatch4.0.6
ORphpmyadminphpmyadminMatch4.0.7
ORphpmyadminphpmyadminMatch4.0.8
ORphpmyadminphpmyadminMatch4.0.9
ORphpmyadminphpmyadminMatch4.0.10
ORphpmyadminphpmyadminMatch4.0.10.2
ORphpmyadminphpmyadminMatch4.0.10.5
ORphpmyadminphpmyadminMatch4.0.10.6
ORphpmyadminphpmyadminMatch4.0.10.7
ORphpmyadminphpmyadminMatch4.0.10.8
ORphpmyadminphpmyadminMatch4.0.10.9
ORphpmyadminphpmyadminMatch4.2.0
ORphpmyadminphpmyadminMatch4.2.1
ORphpmyadminphpmyadminMatch4.2.2
ORphpmyadminphpmyadminMatch4.2.3
ORphpmyadminphpmyadminMatch4.2.4
ORphpmyadminphpmyadminMatch4.2.5
ORphpmyadminphpmyadminMatch4.2.7
ORphpmyadminphpmyadminMatch4.2.7.1
ORphpmyadminphpmyadminMatch4.2.9.1
ORphpmyadminphpmyadminMatch4.2.10.1
ORphpmyadminphpmyadminMatch4.2.11
ORphpmyadminphpmyadminMatch4.2.12
ORphpmyadminphpmyadminMatch4.2.13.1
ORphpmyadminphpmyadminMatch4.2.13.2
ORphpmyadminphpmyadminMatch4.3.0
ORphpmyadminphpmyadminMatch4.3.1
ORphpmyadminphpmyadminMatch4.3.2
ORphpmyadminphpmyadminMatch4.3.3
ORphpmyadminphpmyadminMatch4.3.4
ORphpmyadminphpmyadminMatch4.3.5
ORphpmyadminphpmyadminMatch4.3.6
ORphpmyadminphpmyadminMatch4.3.7
ORphpmyadminphpmyadminMatch4.3.8
ORphpmyadminphpmyadminMatch4.3.9
ORphpmyadminphpmyadminMatch4.3.10
ORphpmyadminphpmyadminMatch4.3.11
ORphpmyadminphpmyadminMatch4.3.12
ORphpmyadminphpmyadminMatch4.3.13
ORphpmyadminphpmyadminMatch4.4.0
ORphpmyadminphpmyadminMatch4.4.1
ORphpmyadminphpmyadminMatch4.4.1.1
ORphpmyadminphpmyadminMatch4.4.3
ORphpmyadminphpmyadminMatch4.4.4
ORphpmyadminphpmyadminMatch4.4.5
ORphpmyadminphpmyadminMatch4.4.6
References
Related
cvelist
cvelist
CVE-2015-3902
2015-05-26 15:00:00
debiancve
debiancve
CVE-2015-3902
2015-05-26 15:59:10
cve
cve
CVE-2015-3902
2015-05-26 15:59:10
ubuntucve
ubuntucve
CVE-2015-3902
2015-05-26 00:00:00
phpmyadmin
phpmyadmin
XSRF/CSRF vulnerability in phpMyAdmin setup.
2015-05-13 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-05-26 15:59:00
openvas
openvas
phpMyAdmin Multiple Vulnerabilities -01 (Jun 2015)
2015-06-04 00:00:00
Fedora Update for phpMyAdmin FEDORA-2015-8274
2015-06-09 00:00:00
Fedora Update for phpMyAdmin FEDORA-2015-8190
2015-07-07 00:00:00
nessus
nessus
Fedora 22 : phpMyAdmin-4.4.6.1-1.fc22 (2015-8190)
2015-05-27 00:00:00
Fedora 20 : phpMyAdmin-4.4.6.1-1.fc20 (2015-8274)
2015-05-18 00:00:00
Fedora 21 : phpMyAdmin-4.4.6.1-1.fc21 (2015-8267)
2015-05-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: phpMyAdmin-4.4.6.1-1.fc20
2015-05-17 06:44:09
[SECURITY] Fedora 22 Update: phpMyAdmin-4.4.6.1-1.fc22
2015-05-26 03:43:49
[SECURITY] Fedora 21 Update: phpMyAdmin-4.4.6.1-1.fc21
2015-05-17 06:39:35
freebsd
freebsd
phpMyAdmin -- XSRF and man-in-the-middle vulnerabilities
2015-05-13 00:00:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerabilities
2015-05-18 22:08:05
osv
osv
phpmyadmin - security update
2015-10-28 00:00:00
phpmyadmin - security update
2015-10-28 00:00:00
debian
debian
[SECURITY] [DLA 336-1] phpmyadmin security update
2015-10-28 19:55:06
[SECURITY] [DSA 3382-1] phpmyadmin security update
2015-10-28 19:52:25
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.003
Percentile
70.1%
Related for NVD:CVE-2015-3902