6.4
CVE-2008-3456
- EPSS 2.39%
- Veröffentlicht 04.08.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version <= 2.11.7.0
Phpmyadmin ≫ Phpmyadmin Version2.0
Phpmyadmin ≫ Phpmyadmin Version2.0.0
Phpmyadmin ≫ Phpmyadmin Version2.0.1
Phpmyadmin ≫ Phpmyadmin Version2.0.2
Phpmyadmin ≫ Phpmyadmin Version2.0.3
Phpmyadmin ≫ Phpmyadmin Version2.0.4
Phpmyadmin ≫ Phpmyadmin Version2.0.5
Phpmyadmin ≫ Phpmyadmin Version2.1
Phpmyadmin ≫ Phpmyadmin Version2.1.0
Phpmyadmin ≫ Phpmyadmin Version2.1.1
Phpmyadmin ≫ Phpmyadmin Version2.1.2
Phpmyadmin ≫ Phpmyadmin Version2.10.0
Phpmyadmin ≫ Phpmyadmin Version2.10.0.0
Phpmyadmin ≫ Phpmyadmin Version2.10.0.1
Phpmyadmin ≫ Phpmyadmin Version2.10.0.2
Phpmyadmin ≫ Phpmyadmin Version2.10.1
Phpmyadmin ≫ Phpmyadmin Version2.10.01
Phpmyadmin ≫ Phpmyadmin Version2.10.1.0
Phpmyadmin ≫ Phpmyadmin Version2.10.2
Phpmyadmin ≫ Phpmyadmin Version2.10.2.0
Phpmyadmin ≫ Phpmyadmin Version2.10.3
Phpmyadmin ≫ Phpmyadmin Version2.10.3.0
Phpmyadmin ≫ Phpmyadmin Version2.11.0
Phpmyadmin ≫ Phpmyadmin Version2.11.0.0
Phpmyadmin ≫ Phpmyadmin Version2.11.1
Phpmyadmin ≫ Phpmyadmin Version2.11.1.0
Phpmyadmin ≫ Phpmyadmin Version2.11.1.1
Phpmyadmin ≫ Phpmyadmin Version2.11.1.2
Phpmyadmin ≫ Phpmyadmin Version2.11.2
Phpmyadmin ≫ Phpmyadmin Version2.11.2.0
Phpmyadmin ≫ Phpmyadmin Version2.11.2.1
Phpmyadmin ≫ Phpmyadmin Version2.11.2.2
Phpmyadmin ≫ Phpmyadmin Version2.11.3
Phpmyadmin ≫ Phpmyadmin Version2.11.3.0
Phpmyadmin ≫ Phpmyadmin Version2.11.4
Phpmyadmin ≫ Phpmyadmin Version2.11.4.0
Phpmyadmin ≫ Phpmyadmin Version2.11.5
Phpmyadmin ≫ Phpmyadmin Version2.11.5.0
Phpmyadmin ≫ Phpmyadmin Version2.11.5.1
Phpmyadmin ≫ Phpmyadmin Version2.11.5.2
Phpmyadmin ≫ Phpmyadmin Version2.11.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.39% | 0.818 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/32834
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://secunia.com/advisories/31263
http://secunia.com/advisories/31312
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
http://www.securityfocus.com/bid/30420
http://www.vupen.com/english/advisories/2008/2226/references
http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44050
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html