Cross site request forgery (csrf)

2010-08-2420:00:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.101 Low

EPSS

Percentile

94.8%

JSON

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

CPENameOperatorVersion
phpmyadmineq2.11.1.2
phpmyadmineq2.11.5.1
phpmyadmineq2.11.5.0
phpmyadmineq2.11.9.0
phpmyadmineq2.11.9.1
phpmyadmineq2.11.5.2
phpmyadmineq2.11.2.2
phpmyadmineq2.11.8.0
phpmyadmineq2.11.4.0
phpmyadmineq2.11.2.1

Name	Operator	Version
phpmyadmin	eq	2.11.1.2
phpmyadmin	eq	2.11.5.1
phpmyadmin	eq	2.11.5.0
phpmyadmin	eq	2.11.9.0
phpmyadmin	eq	2.11.9.1
phpmyadmin	eq	2.11.5.2
phpmyadmin	eq	2.11.2.2
phpmyadmin	eq	2.11.8.0
phpmyadmin	eq	2.11.4.0
phpmyadmin	eq	2.11.2.1