CVE-2008-3197

EUVD-2008-3187
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
phpmyadminphpmyadmin
2.0
phpmyadminphpmyadmin
2.0.0
phpmyadminphpmyadmin
2.0.1
phpmyadminphpmyadmin
2.0.2
phpmyadminphpmyadmin
2.0.3
phpmyadminphpmyadmin
2.0.4
phpmyadminphpmyadmin
2.0.5
phpmyadminphpmyadmin
2.1
phpmyadminphpmyadmin
2.1.0
phpmyadminphpmyadmin
2.1.1
phpmyadminphpmyadmin
2.1.2
phpmyadminphpmyadmin
2.2
phpmyadminphpmyadmin
2.2.0
phpmyadminphpmyadmin
2.2.0_pre1:_pre1
phpmyadminphpmyadmin
2.2.0_pre2:_pre2
phpmyadminphpmyadmin
2.2.0_rc1:_rc1
phpmyadminphpmyadmin
2.2.0_rc2:_rc2
phpmyadminphpmyadmin
2.2.0_rc3:_rc3
phpmyadminphpmyadmin
2.2.2
phpmyadminphpmyadmin
2.2.3
phpmyadminphpmyadmin
2.2.4
phpmyadminphpmyadmin
2.2.5
phpmyadminphpmyadmin
2.2.6
phpmyadminphpmyadmin
2.2.7_pl1:_pl1
phpmyadminphpmyadmin
2.2_pre1:_pre1
phpmyadminphpmyadmin
2.2_pre2:_pre2
phpmyadminphpmyadmin
2.2_rc1:_rc1
phpmyadminphpmyadmin
2.2_rc2:_rc2
phpmyadminphpmyadmin
2.2_rc3:_rc3
phpmyadminphpmyadmin
2.3.1
phpmyadminphpmyadmin
2.3.2
phpmyadminphpmyadmin
2.4.0
phpmyadminphpmyadmin
2.5.0
phpmyadminphpmyadmin
2.5.1
phpmyadminphpmyadmin
2.5.2
phpmyadminphpmyadmin
2.5.2_pl1:_pl1
phpmyadminphpmyadmin
2.5.3
phpmyadminphpmyadmin
2.5.4
phpmyadminphpmyadmin
2.5.5
phpmyadminphpmyadmin
2.5.5_pl1:_pl1
phpmyadminphpmyadmin
2.5.5_rc1:_rc1
phpmyadminphpmyadmin
2.5.5_rc2:_rc2
phpmyadminphpmyadmin
2.5.6_rc1:_rc1
phpmyadminphpmyadmin
2.5.6_rc2:_rc2
phpmyadminphpmyadmin
2.5.7
phpmyadminphpmyadmin
2.5.7_pl1:_pl1
phpmyadminphpmyadmin
2.6.0_pl1:_pl1
phpmyadminphpmyadmin
2.6.0_pl2:_pl2
phpmyadminphpmyadmin
2.6.0_pl3:_pl3
phpmyadminphpmyadmin
2.6.1
phpmyadminphpmyadmin
2.6.1_pl1:_pl1
phpmyadminphpmyadmin
2.6.1_pl3:_pl3
phpmyadminphpmyadmin
2.6.1_rc1:_rc1
phpmyadminphpmyadmin
2.6.2
phpmyadminphpmyadmin
2.6.2_dev:_dev
phpmyadminphpmyadmin
2.6.2_pl1:_pl1
phpmyadminphpmyadmin
2.6.2_rc1:_rc1
phpmyadminphpmyadmin
2.6.3
phpmyadminphpmyadmin
2.6.3_pl1:_pl1
phpmyadminphpmyadmin
2.6.4
phpmyadminphpmyadmin
2.6.4_pl1:_pl1
phpmyadminphpmyadmin
2.6.4_pl2:_pl2
phpmyadminphpmyadmin
2.6.4_pl3:_pl3
phpmyadminphpmyadmin
2.6.4_pl4:_pl4
phpmyadminphpmyadmin
2.6.4_rc1:_rc1
phpmyadminphpmyadmin
2.7
phpmyadminphpmyadmin
2.7.0
phpmyadminphpmyadmin
2.7.0_beta1:_beta1
phpmyadminphpmyadmin
2.7.0_pl1:_pl1
phpmyadminphpmyadmin
2.7.0_pl2:_pl2
phpmyadminphpmyadmin
2.7.0_rc1:_rc1
phpmyadminphpmyadmin
2.7_pl1:_pl1
phpmyadminphpmyadmin
2.8.0
phpmyadminphpmyadmin
2.8.0.1
phpmyadminphpmyadmin
2.8.0.2
phpmyadminphpmyadmin
2.8.0.3
phpmyadminphpmyadmin
2.8.1
phpmyadminphpmyadmin
2.8.1_dev:_dev
phpmyadminphpmyadmin
2.8.2
phpmyadminphpmyadmin
2.8.3
phpmyadminphpmyadmin
2.8.4
phpmyadminphpmyadmin
2.9
phpmyadminphpmyadmin
2.9.0
phpmyadminphpmyadmin
2.9.0.1
phpmyadminphpmyadmin
2.9.0.2
phpmyadminphpmyadmin
2.9.0.3
phpmyadminphpmyadmin
2.9.0_beta1:_beta1
phpmyadminphpmyadmin
2.9.0_dev:_dev
phpmyadminphpmyadmin
2.9.0_rc1:_rc1
phpmyadminphpmyadmin
2.9.1
phpmyadminphpmyadmin
2.9.1.1
phpmyadminphpmyadmin
2.9.1_rc1:_rc1
phpmyadminphpmyadmin
2.9.1_rc2:_rc2
phpmyadminphpmyadmin
2.9.2
phpmyadminphpmyadmin
2.9_rc1:_rc1
phpmyadminphpmyadmin
2.10.0
phpmyadminphpmyadmin
2.10.0.0
phpmyadminphpmyadmin
2.10.0.1
phpmyadminphpmyadmin
2.10.0.2
phpmyadminphpmyadmin
2.10.1
phpmyadminphpmyadmin
2.10.01
phpmyadminphpmyadmin
2.10.1.0
phpmyadminphpmyadmin
2.10.2
phpmyadminphpmyadmin
2.10.2.0
phpmyadminphpmyadmin
2.10.3
phpmyadminphpmyadmin
2.10.3.0
phpmyadminphpmyadmin
2.10.3rc1:rc1
phpmyadminphpmyadmin
2.11.0
phpmyadminphpmyadmin
2.11.0.0
phpmyadminphpmyadmin
2.11.0beta1:beta1
phpmyadminphpmyadmin
2.11.0rc1:rc1
phpmyadminphpmyadmin
2.11.1
phpmyadminphpmyadmin
2.11.1.0
phpmyadminphpmyadmin
2.11.1.1
phpmyadminphpmyadmin
2.11.1.2
phpmyadminphpmyadmin
2.11.1rc1:rc1
phpmyadminphpmyadmin
2.11.2
phpmyadminphpmyadmin
2.11.2.0
phpmyadminphpmyadmin
2.11.2.1
phpmyadminphpmyadmin
2.11.2.2
phpmyadminphpmyadmin
2.11.3
phpmyadminphpmyadmin
2.11.3.0
phpmyadminphpmyadmin
2.11.3rc1:rc1
phpmyadminphpmyadmin
2.11.4
phpmyadminphpmyadmin
2.11.4.0
phpmyadminphpmyadmin
2.11.4rc1:rc1
phpmyadminphpmyadmin
2.11.5
phpmyadminphpmyadmin
2.11.5.0
phpmyadminphpmyadmin
2.11.5.1
phpmyadminphpmyadmin
2.11.5.2
phpmyadminphpmyadmin
2.11.5rc1:rc1
phpmyadminphpmyadmin
2.11.6
phpmyadminphpmyadmin
2.11.6rc1:rc1
phpmyadminphpmyadmin
2.11.7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bookworm
4:5.2.1+dfsg-1
fixed
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
Fixed 4:2.11.3-1ubuntu1.2
released
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/31097
http://secunia.com/advisories/31115
http://secunia.com/advisories/33822
http://sourceforge.net/project/shownotes.php?release_id=613660
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.openwall.com/lists/oss-security/2008/07/15/6
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-5
http://www.vupen.com/english/advisories/2008/2116/references
http://yehg.net/lab/pr0js/advisories/XSRF_ConvertCharset_inPhpMyAdmin2.11.7.pdf
http://yehg.net/lab/pr0js/advisories/XSRF_CreateDB_inPhpMyAdmin2.11.7.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43846
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/31097
http://secunia.com/advisories/31115
http://secunia.com/advisories/33822
http://sourceforge.net/project/shownotes.php?release_id=613660
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://www.openwall.com/lists/oss-security/2008/07/15/6
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-5
http://www.vupen.com/english/advisories/2008/2116/references
http://yehg.net/lab/pr0js/advisories/XSRF_ConvertCharset_inPhpMyAdmin2.11.7.pdf
http://yehg.net/lab/pr0js/advisories/XSRF_CreateDB_inPhpMyAdmin2.11.7.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43846
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00590.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00652.html