Описание
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 4:3.2.0.1-1 |
| gutsy | ignored | end of life, was needed |
| hardy | released | 4:2.11.3-1ubuntu1.2 |
| intrepid | released | 4:2.11.8.1-1ubuntu0.1 |
| jaunty | not-affected | 4:3.1.2-1 |
| karmic | not-affected | 4:3.2.0.1-1 |
| upstream | released | 2.11.9.4 and 3.1.1.0 |
Показывать по
EPSS
6 Medium
CVSS2
Связанные уязвимости
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
EPSS
6 Medium
CVSS2