5

CVE-2009-4605

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.6.0
PhpmyadminPhpmyadmin Version2.11.7.0
PhpmyadminPhpmyadmin Version2.11.7.1
PhpmyadminPhpmyadmin Version2.11.8.0
PhpmyadminPhpmyadmin Version2.11.9.0
PhpmyadminPhpmyadmin Version2.11.9.1
PhpmyadminPhpmyadmin Version2.11.9.2
PhpmyadminPhpmyadmin Version2.11.9.3
PhpmyadminPhpmyadmin Version2.11.9.4
PhpmyadminPhpmyadmin Version2.11.9.5
PhpmyadminPhpmyadmin Version2.11.9.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.36% 0.816
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://secunia.com/advisories/38211
Vendor Advisory
http://secunia.com/advisories/39503
http://www.debian.org/security/2010/dsa-2034
http://www.vupen.com/english/advisories/2010/0910
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
Patch
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
Vendor Advisory