Lucene search

PhpMyAdminPHPMYADMIN:PMASA-2006-5

HistoryOct 01, 2006 - 12:00 a.m.

XSRF (Cross Site Request Forgery) vulnerabilities

2006-10-0100:00:00

www.phpmyadmin.net

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.6%

JSON

PMASA-2006-5

Announcement-ID: PMASA-2006-5

Date: 2006-10-01

Summary

XSRF (Cross Site Request Forgery) vulnerabilities

Description

We received a security advisory from Stefan Esser ([email protected]) and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.

Severity

We consider these vulnerabilities to be serious.

Affected Versions

At least versions since 2.8.2.x.

Solution

Upgrade to phpMyAdmin 2.9.0.1 or newer.

References

Assigned CVE ids: CVE-2006-5116

CWE ids: CWE-661 CWE-352

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle2.8.2

CPE	Name	Operator	Version
	phpmyadmin	le	2.8.2

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.6%

JSON

Related for PHPMYADMIN:PMASA-2006-5