Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2008-3197

Опубликовано: 16 июл. 2008
Источник: debian
EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
phpmyadminfixed4:2.11.7.1-1package

Примечания

  • this only allows via csrf to create an empty database.

  • this would take a lot of work to get it only to the 'annoying' level, let alone a DoS

  • https://www.phpmyadmin.net/security/PMASA-2008-5/

  • https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641

  • https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?)

EPSS

Процентиль: 63%
0.00466
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2008-3197

ubuntu
почти 17 лет назад

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

nvd логотип

CVE-2008-3197

nvd
почти 17 лет назад

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

github логотип

GHSA-795w-6gcg-9r8x

github
около 3 лет назад

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

EPSS

Процентиль: 63%
0.00466
Низкий