Cross site request forgery (csrf)

2008-07-1618:41:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.3%

JSON

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the “Creating a Database” functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

CPENameOperatorVersion
phpmyadmineq2.5.2-pl1
phpmyadmineq2.10.3-rc1
phpmyadmineq2.11.4
phpmyadmineq2.1.1
phpmyadmineq2.11.0-rc1
phpmyadmineq2.7.0
phpmyadmineq2.7.0-pl1
phpmyadmineq2.11.1.2
phpmyadmineq2.8.1-dev
phpmyadmineq2.6.4-rc1

Name	Operator	Version
phpmyadmin	eq	2.5.2-pl1
phpmyadmin	eq	2.10.3-rc1
phpmyadmin	eq	2.11.4
phpmyadmin	eq	2.1.1
phpmyadmin	eq	2.11.0-rc1
phpmyadmin	eq	2.7.0
phpmyadmin	eq	2.7.0-pl1
phpmyadmin	eq	2.11.1.2
phpmyadmin	eq	2.8.1-dev
phpmyadmin	eq	2.6.4-rc1