CVE - CVE-2008-5621

CVE-ID
CVE-2008-5621	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:32720 URL:http://www.securityfocus.com/bid/32720 CONFIRM:http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/ CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php DEBIAN:DSA-1723 URL:http://www.debian.org/security/2009/dsa-1723 EXPLOIT-DB:7382 URL:https://www.exploit-db.com/exploits/7382 FEDORA:FEDORA-2008-11221 URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html GENTOO:GLSA-200903-32 URL:http://security.gentoo.org/glsa/glsa-200903-32.xml MLIST:[oss-security] 20090212 CVE-2008-5621 is a duplicate (was: Re: CVE request: phpMyAdmin < 3.1.1.0 (SQL injection through XSRF on several pages )) URL:http://www.openwall.com/lists/oss-security/2009/02/12/1 OSVDB:50894 URL:~~http://osvdb.org/50894~~ (Obsolete source) SECUNIA:33076 URL:http://secunia.com/advisories/33076 SECUNIA:33146 URL:http://secunia.com/advisories/33146 SECUNIA:33246 URL:http://secunia.com/advisories/33246 SECUNIA:33822 URL:http://secunia.com/advisories/33822 SECUNIA:33912 URL:http://secunia.com/advisories/33912 SREASON:4753 URL:http://securityreason.com/securityalert/4753 SUSE:SUSE-SR:2009:003 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html VUPEN:ADV-2008-3402 URL:~~http://www.vupen.com/english/advisories/2008/3402~~ (Obsolete source) VUPEN:ADV-2008-3501 URL:~~http://www.vupen.com/english/advisories/2008/3501~~ (Obsolete source) XF:phpmyadmin-tblstructure-csrf(47168) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
Assigning CNA
MITRE Corporation
Date Record Created
20081216	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081216)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)