Back to search
CVE-2008-5621
Published: Dec 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SR:2009:003
vendor-advisory
x_refsource_SUSE
ADV-2008-3501
vdb-entry
x_refsource_VUPEN
GLSA-200903-32
vendor-advisory
x_refsource_GENTOO
DSA-1723
vendor-advisory
x_refsource_DEBIAN
phpmyadmin-tblstructure-csrf(47168)
vdb-entry
x_refsource_XF
4753
third-party-advisory
x_refsource_SREASON
ADV-2008-3402
vdb-entry
x_refsource_VUPEN
50894
vdb-entry
x_refsource_OSVDB
FEDORA-2008-11221
vendor-advisory
x_refsource_FEDORA
33146
third-party-advisory
x_refsource_SECUNIA
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
x_refsource_CONFIRM
33822
third-party-advisory
x_refsource_SECUNIA
33246
third-party-advisory
x_refsource_SECUNIA
32720
vdb-entry
x_refsource_BID
33912
third-party-advisory
x_refsource_SECUNIA
7382
exploit
x_refsource_EXPLOIT-DB
33076
third-party-advisory
x_refsource_SECUNIA
http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now