OSV:DSA-1641-1 (osv, Google)
Sep 20, 2008 - 12:00 a.m.

phpmyadmin - several issues

2008-09-20 00:00:00
Google
osv.dev

CVSS2: 8.5 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Several remote vulnerabilities have been discovered in phpMyAdmin, a
tool to administrate MySQL databases over the web. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-4096
    Remote authenticated users could execute arbitrary code on the
    host running phpMyAdmin through manipulation of a script parameter.
  • CVE-2008-3457
    Cross site scripting through the setup script was possible in
    rare circumstances.
  • CVE-2008-3456
    Protection has been added against remote websites loading phpMyAdmin
    into a frameset.
  • CVE-2008-3197
    Cross site request forgery allowed remote attackers to create a new
    database, but not perform any other action on it.

For the stable distribution (etch), these problems have been fixed in
version 4:2.9.1.1-8.

For the unstable distribution (sid), these problems have been fixed in
version 4:2.11.8.1-2.

We recommend that you upgrade your phpmyadmin package.
