3.5
CVE-2008-3197
- EPSS 0.98%
- Veröffentlicht 16.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version2.0
Phpmyadmin ≫ Phpmyadmin Version2.0.0
Phpmyadmin ≫ Phpmyadmin Version2.0.1
Phpmyadmin ≫ Phpmyadmin Version2.0.2
Phpmyadmin ≫ Phpmyadmin Version2.0.3
Phpmyadmin ≫ Phpmyadmin Version2.0.4
Phpmyadmin ≫ Phpmyadmin Version2.0.5
Phpmyadmin ≫ Phpmyadmin Version2.1
Phpmyadmin ≫ Phpmyadmin Version2.1.0
Phpmyadmin ≫ Phpmyadmin Version2.1.1
Phpmyadmin ≫ Phpmyadmin Version2.1.2
Phpmyadmin ≫ Phpmyadmin Version2.2
Phpmyadmin ≫ Phpmyadmin Version2.2.0
Phpmyadmin ≫ Phpmyadmin Version2.2.0_pre1
Phpmyadmin ≫ Phpmyadmin Version2.2.0_pre2
Phpmyadmin ≫ Phpmyadmin Version2.2.0_rc1
Phpmyadmin ≫ Phpmyadmin Version2.2.0_rc2
Phpmyadmin ≫ Phpmyadmin Version2.2.0_rc3
Phpmyadmin ≫ Phpmyadmin Version2.2.2
Phpmyadmin ≫ Phpmyadmin Version2.2.3
Phpmyadmin ≫ Phpmyadmin Version2.2.4
Phpmyadmin ≫ Phpmyadmin Version2.2.5
Phpmyadmin ≫ Phpmyadmin Version2.2.6
Phpmyadmin ≫ Phpmyadmin Version2.2.7_pl1
Phpmyadmin ≫ Phpmyadmin Version2.2_pre1
Phpmyadmin ≫ Phpmyadmin Version2.2_pre2
Phpmyadmin ≫ Phpmyadmin Version2.2_rc1
Phpmyadmin ≫ Phpmyadmin Version2.2_rc2
Phpmyadmin ≫ Phpmyadmin Version2.2_rc3
Phpmyadmin ≫ Phpmyadmin Version2.3.1
Phpmyadmin ≫ Phpmyadmin Version2.3.2
Phpmyadmin ≫ Phpmyadmin Version2.4.0
Phpmyadmin ≫ Phpmyadmin Version2.5.0
Phpmyadmin ≫ Phpmyadmin Version2.5.1
Phpmyadmin ≫ Phpmyadmin Version2.5.2
Phpmyadmin ≫ Phpmyadmin Version2.5.2_pl1
Phpmyadmin ≫ Phpmyadmin Version2.5.3
Phpmyadmin ≫ Phpmyadmin Version2.5.4
Phpmyadmin ≫ Phpmyadmin Version2.5.5
Phpmyadmin ≫ Phpmyadmin Version2.5.5_pl1
Phpmyadmin ≫ Phpmyadmin Version2.5.5_rc1
Phpmyadmin ≫ Phpmyadmin Version2.5.5_rc2
Phpmyadmin ≫ Phpmyadmin Version2.5.6_rc1
Phpmyadmin ≫ Phpmyadmin Version2.5.6_rc2
Phpmyadmin ≫ Phpmyadmin Version2.5.7
Phpmyadmin ≫ Phpmyadmin Version2.5.7_pl1
Phpmyadmin ≫ Phpmyadmin Version2.6.0_pl1
Phpmyadmin ≫ Phpmyadmin Version2.6.0_pl2
Phpmyadmin ≫ Phpmyadmin Version2.6.0_pl3
Phpmyadmin ≫ Phpmyadmin Version2.6.1
Phpmyadmin ≫ Phpmyadmin Version2.6.1_pl1
Phpmyadmin ≫ Phpmyadmin Version2.6.1_pl3
Phpmyadmin ≫ Phpmyadmin Version2.6.1_rc1
Phpmyadmin ≫ Phpmyadmin Version2.6.2
Phpmyadmin ≫ Phpmyadmin Version2.6.2_dev
Phpmyadmin ≫ Phpmyadmin Version2.6.2_pl1
Phpmyadmin ≫ Phpmyadmin Version2.6.2_rc1
Phpmyadmin ≫ Phpmyadmin Version2.6.3
Phpmyadmin ≫ Phpmyadmin Version2.6.3_pl1
Phpmyadmin ≫ Phpmyadmin Version2.6.4
Phpmyadmin ≫ Phpmyadmin Version2.6.4_pl1
Phpmyadmin ≫ Phpmyadmin Version2.6.4_pl2
Phpmyadmin ≫ Phpmyadmin Version2.6.4_pl3
Phpmyadmin ≫ Phpmyadmin Version2.6.4_pl4
Phpmyadmin ≫ Phpmyadmin Version2.6.4_rc1
Phpmyadmin ≫ Phpmyadmin Version2.7
Phpmyadmin ≫ Phpmyadmin Version2.7.0
Phpmyadmin ≫ Phpmyadmin Version2.7.0_beta1
Phpmyadmin ≫ Phpmyadmin Version2.7.0_pl1
Phpmyadmin ≫ Phpmyadmin Version2.7.0_pl2
Phpmyadmin ≫ Phpmyadmin Version2.7.0_rc1
Phpmyadmin ≫ Phpmyadmin Version2.7_pl1
Phpmyadmin ≫ Phpmyadmin Version2.8.0
Phpmyadmin ≫ Phpmyadmin Version2.8.0.1
Phpmyadmin ≫ Phpmyadmin Version2.8.0.2
Phpmyadmin ≫ Phpmyadmin Version2.8.0.3
Phpmyadmin ≫ Phpmyadmin Version2.8.1
Phpmyadmin ≫ Phpmyadmin Version2.8.1_dev
Phpmyadmin ≫ Phpmyadmin Version2.8.2
Phpmyadmin ≫ Phpmyadmin Version2.8.3
Phpmyadmin ≫ Phpmyadmin Version2.8.4
Phpmyadmin ≫ Phpmyadmin Version2.9
Phpmyadmin ≫ Phpmyadmin Version2.9.0
Phpmyadmin ≫ Phpmyadmin Version2.9.0.1
Phpmyadmin ≫ Phpmyadmin Version2.9.0.2
Phpmyadmin ≫ Phpmyadmin Version2.9.0.3
Phpmyadmin ≫ Phpmyadmin Version2.9.0_beta1
Phpmyadmin ≫ Phpmyadmin Version2.9.0_dev
Phpmyadmin ≫ Phpmyadmin Version2.9.0_rc1
Phpmyadmin ≫ Phpmyadmin Version2.9.1
Phpmyadmin ≫ Phpmyadmin Version2.9.1.1
Phpmyadmin ≫ Phpmyadmin Version2.9.1_rc1
Phpmyadmin ≫ Phpmyadmin Version2.9.1_rc2
Phpmyadmin ≫ Phpmyadmin Version2.9.2
Phpmyadmin ≫ Phpmyadmin Version2.9_rc1
Phpmyadmin ≫ Phpmyadmin Version2.10.0
Phpmyadmin ≫ Phpmyadmin Version2.10.0.0
Phpmyadmin ≫ Phpmyadmin Version2.10.0.1
Phpmyadmin ≫ Phpmyadmin Version2.10.0.2
Phpmyadmin ≫ Phpmyadmin Version2.10.1
Phpmyadmin ≫ Phpmyadmin Version2.10.01
Phpmyadmin ≫ Phpmyadmin Version2.10.1.0
Phpmyadmin ≫ Phpmyadmin Version2.10.2
Phpmyadmin ≫ Phpmyadmin Version2.10.2.0
Phpmyadmin ≫ Phpmyadmin Version2.10.3
Phpmyadmin ≫ Phpmyadmin Version2.10.3.0
Phpmyadmin ≫ Phpmyadmin Version2.10.3rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.0
Phpmyadmin ≫ Phpmyadmin Version2.11.0.0
Phpmyadmin ≫ Phpmyadmin Version2.11.0beta1
Phpmyadmin ≫ Phpmyadmin Version2.11.0rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.1
Phpmyadmin ≫ Phpmyadmin Version2.11.1.0
Phpmyadmin ≫ Phpmyadmin Version2.11.1.1
Phpmyadmin ≫ Phpmyadmin Version2.11.1.2
Phpmyadmin ≫ Phpmyadmin Version2.11.1rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.2
Phpmyadmin ≫ Phpmyadmin Version2.11.2.0
Phpmyadmin ≫ Phpmyadmin Version2.11.2.1
Phpmyadmin ≫ Phpmyadmin Version2.11.2.2
Phpmyadmin ≫ Phpmyadmin Version2.11.3
Phpmyadmin ≫ Phpmyadmin Version2.11.3.0
Phpmyadmin ≫ Phpmyadmin Version2.11.3rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.4
Phpmyadmin ≫ Phpmyadmin Version2.11.4.0
Phpmyadmin ≫ Phpmyadmin Version2.11.4rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.5
Phpmyadmin ≫ Phpmyadmin Version2.11.5.0
Phpmyadmin ≫ Phpmyadmin Version2.11.5.1
Phpmyadmin ≫ Phpmyadmin Version2.11.5.2
Phpmyadmin ≫ Phpmyadmin Version2.11.5rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.6
Phpmyadmin ≫ Phpmyadmin Version2.11.6rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.98% | 0.58 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/33822
http://secunia.com/advisories/31097
http://secunia.com/advisories/31115
http://sourceforge.net/project/shownotes.php?release_id=613660
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.openwall.com/lists/oss-security/2008/07/15/6
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-5
http://www.vupen.com/english/advisories/2008/2116/references
http://yehg.net/lab/pr0js/advisories/XSRF_ConvertCharset_inPhpMyAdmin2.11.7.pdf
http://yehg.net/lab/pr0js/advisories/XSRF_CreateDB_inPhpMyAdmin2.11.7.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43846
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html