5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.036 Low
EPSS
Percentile
91.6%
Announcement-ID: PMASA-2006-5
Date: 2006-10-01
XSRF (Cross Site Request Forgery) vulnerabilities
We received a security advisory from Stefan Esser ([email protected]) and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
We consider these vulnerabilities to be serious.
At least versions since 2.8.2.x.
Upgrade to phpMyAdmin 2.9.0.1 or newer.
Assigned CVE ids: CVE-2006-5116
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
CPE | Name | Operator | Version |
---|---|---|---|
phpmyadmin | le | 2.8.2 |