5.1
CVE-2006-5116
- EPSS 3%
- Published 03.10.2006 04:03:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.
Data is provided by the National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version2.8.0.1
Phpmyadmin ≫ Phpmyadmin Version2.8.0.2
Phpmyadmin ≫ Phpmyadmin Version2.8.0.3
Phpmyadmin ≫ Phpmyadmin Version2.8.1
Phpmyadmin ≫ Phpmyadmin Version2.8.1_dev
Phpmyadmin ≫ Phpmyadmin Version2.8.3
Phpmyadmin ≫ Phpmyadmin Version2.8.4
Phpmyadmin ≫ Phpmyadmin Version2.9.0_dev
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3% | 0.86 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|