3.5

CVE-2008-3197

Exploit
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version2.0
PhpmyadminPhpmyadmin Version2.0.0
PhpmyadminPhpmyadmin Version2.0.1
PhpmyadminPhpmyadmin Version2.0.2
PhpmyadminPhpmyadmin Version2.0.3
PhpmyadminPhpmyadmin Version2.0.4
PhpmyadminPhpmyadmin Version2.0.5
PhpmyadminPhpmyadmin Version2.1
PhpmyadminPhpmyadmin Version2.1.0
PhpmyadminPhpmyadmin Version2.1.1
PhpmyadminPhpmyadmin Version2.1.2
PhpmyadminPhpmyadmin Version2.2
PhpmyadminPhpmyadmin Version2.2.0
PhpmyadminPhpmyadmin Version2.2.0_pre1
PhpmyadminPhpmyadmin Version2.2.0_pre2
PhpmyadminPhpmyadmin Version2.2.0_rc1
PhpmyadminPhpmyadmin Version2.2.0_rc2
PhpmyadminPhpmyadmin Version2.2.0_rc3
PhpmyadminPhpmyadmin Version2.2.2
PhpmyadminPhpmyadmin Version2.2.3
PhpmyadminPhpmyadmin Version2.2.4
PhpmyadminPhpmyadmin Version2.2.5
PhpmyadminPhpmyadmin Version2.2.6
PhpmyadminPhpmyadmin Version2.2.7_pl1
PhpmyadminPhpmyadmin Version2.2_pre1
PhpmyadminPhpmyadmin Version2.2_pre2
PhpmyadminPhpmyadmin Version2.2_rc1
PhpmyadminPhpmyadmin Version2.2_rc2
PhpmyadminPhpmyadmin Version2.2_rc3
PhpmyadminPhpmyadmin Version2.3.1
PhpmyadminPhpmyadmin Version2.3.2
PhpmyadminPhpmyadmin Version2.4.0
PhpmyadminPhpmyadmin Version2.5.0
PhpmyadminPhpmyadmin Version2.5.1
PhpmyadminPhpmyadmin Version2.5.2
PhpmyadminPhpmyadmin Version2.5.2_pl1
PhpmyadminPhpmyadmin Version2.5.3
PhpmyadminPhpmyadmin Version2.5.4
PhpmyadminPhpmyadmin Version2.5.5
PhpmyadminPhpmyadmin Version2.5.5_pl1
PhpmyadminPhpmyadmin Version2.5.5_rc1
PhpmyadminPhpmyadmin Version2.5.5_rc2
PhpmyadminPhpmyadmin Version2.5.6_rc1
PhpmyadminPhpmyadmin Version2.5.6_rc2
PhpmyadminPhpmyadmin Version2.5.7
PhpmyadminPhpmyadmin Version2.5.7_pl1
PhpmyadminPhpmyadmin Version2.6.0_pl1
PhpmyadminPhpmyadmin Version2.6.0_pl2
PhpmyadminPhpmyadmin Version2.6.0_pl3
PhpmyadminPhpmyadmin Version2.6.1
PhpmyadminPhpmyadmin Version2.6.1_pl1
PhpmyadminPhpmyadmin Version2.6.1_pl3
PhpmyadminPhpmyadmin Version2.6.1_rc1
PhpmyadminPhpmyadmin Version2.6.2
PhpmyadminPhpmyadmin Version2.6.2_dev
PhpmyadminPhpmyadmin Version2.6.2_pl1
PhpmyadminPhpmyadmin Version2.6.2_rc1
PhpmyadminPhpmyadmin Version2.6.3
PhpmyadminPhpmyadmin Version2.6.3_pl1
PhpmyadminPhpmyadmin Version2.6.4
PhpmyadminPhpmyadmin Version2.6.4_pl1
PhpmyadminPhpmyadmin Version2.6.4_pl2
PhpmyadminPhpmyadmin Version2.6.4_pl3
PhpmyadminPhpmyadmin Version2.6.4_pl4
PhpmyadminPhpmyadmin Version2.6.4_rc1
PhpmyadminPhpmyadmin Version2.7
PhpmyadminPhpmyadmin Version2.7.0
PhpmyadminPhpmyadmin Version2.7.0_beta1
PhpmyadminPhpmyadmin Version2.7.0_pl1
PhpmyadminPhpmyadmin Version2.7.0_pl2
PhpmyadminPhpmyadmin Version2.7.0_rc1
PhpmyadminPhpmyadmin Version2.7_pl1
PhpmyadminPhpmyadmin Version2.8.0
PhpmyadminPhpmyadmin Version2.8.0.1
PhpmyadminPhpmyadmin Version2.8.0.2
PhpmyadminPhpmyadmin Version2.8.0.3
PhpmyadminPhpmyadmin Version2.8.1
PhpmyadminPhpmyadmin Version2.8.1_dev
PhpmyadminPhpmyadmin Version2.8.2
PhpmyadminPhpmyadmin Version2.8.3
PhpmyadminPhpmyadmin Version2.8.4
PhpmyadminPhpmyadmin Version2.9
PhpmyadminPhpmyadmin Version2.9.0
PhpmyadminPhpmyadmin Version2.9.0.1
PhpmyadminPhpmyadmin Version2.9.0.2
PhpmyadminPhpmyadmin Version2.9.0.3
PhpmyadminPhpmyadmin Version2.9.0_beta1
PhpmyadminPhpmyadmin Version2.9.0_dev
PhpmyadminPhpmyadmin Version2.9.0_rc1
PhpmyadminPhpmyadmin Version2.9.1
PhpmyadminPhpmyadmin Version2.9.1.1
PhpmyadminPhpmyadmin Version2.9.1_rc1
PhpmyadminPhpmyadmin Version2.9.1_rc2
PhpmyadminPhpmyadmin Version2.9.2
PhpmyadminPhpmyadmin Version2.9_rc1
PhpmyadminPhpmyadmin Version2.10.0
PhpmyadminPhpmyadmin Version2.10.0.0
PhpmyadminPhpmyadmin Version2.10.0.1
PhpmyadminPhpmyadmin Version2.10.0.2
PhpmyadminPhpmyadmin Version2.10.1
PhpmyadminPhpmyadmin Version2.10.01
PhpmyadminPhpmyadmin Version2.10.1.0
PhpmyadminPhpmyadmin Version2.10.2
PhpmyadminPhpmyadmin Version2.10.2.0
PhpmyadminPhpmyadmin Version2.10.3
PhpmyadminPhpmyadmin Version2.10.3.0
PhpmyadminPhpmyadmin Version2.10.3rc1
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.0.0
PhpmyadminPhpmyadmin Version2.11.0beta1
PhpmyadminPhpmyadmin Version2.11.0rc1
PhpmyadminPhpmyadmin Version2.11.1
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.1rc1
PhpmyadminPhpmyadmin Version2.11.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.3rc1
PhpmyadminPhpmyadmin Version2.11.4
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.4rc1
PhpmyadminPhpmyadmin Version2.11.5
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.5rc1
PhpmyadminPhpmyadmin Version2.11.6
PhpmyadminPhpmyadmin Version2.11.6rc1
PhpmyadminPhpmyadmin Version2.11.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.98% 0.58
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/33822
http://secunia.com/advisories/31097
http://secunia.com/advisories/31115
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=613660
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.openwall.com/lists/oss-security/2008/07/15/6
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-5
http://www.vupen.com/english/advisories/2008/2116/references
http://yehg.net/lab/pr0js/advisories/XSRF_ConvertCharset_inPhpMyAdmin2.11.7.pdf
http://yehg.net/lab/pr0js/advisories/XSRF_CreateDB_inPhpMyAdmin2.11.7.pdf
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43846
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html