QwikSec

Security Database

CVE

CWE

Training

CVE-2008-3197

Published: Jul 16, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRIVA

http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

x_refsource_CONFIRM

SUSE-SR:2009:003

vendor-advisory

x_refsource_SUSE

FEDORA-2008-6502

vendor-advisory

x_refsource_FEDORA

phpmyadmin-multi-csrf(43846)

vdb-entry

x_refsource_XF

http://sourceforge.net/project/shownotes.php?release_id=613660

x_refsource_CONFIRM

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-5

x_refsource_CONFIRM

http://yehg.net/lab/pr0js/advisories/XSRF_ConvertCharset_inPhpMyAdmin2.11.7.pdf

x_refsource_MISC

[oss-security] 20080715 CVE request: phpmyadmin < 2.11.7.1

mailing-list

x_refsource_MLIST

http://yehg.net/lab/pr0js/advisories/XSRF_CreateDB_inPhpMyAdmin2.11.7.pdf

x_refsource_MISC

FEDORA-2008-6450

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.