CVE-2008-5621

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter.  NOTE: other unspecified pages are also reachable, but they have the same root cause.  NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
phpmyadminphpmyadmin
2.11.0
phpmyadminphpmyadmin
2.11.0.0
phpmyadminphpmyadmin
2.11.1
phpmyadminphpmyadmin
2.11.1.0
phpmyadminphpmyadmin
2.11.1.1
phpmyadminphpmyadmin
2.11.1.2
phpmyadminphpmyadmin
2.11.2
phpmyadminphpmyadmin
2.11.2.0
phpmyadminphpmyadmin
2.11.2.1
phpmyadminphpmyadmin
2.11.2.2
phpmyadminphpmyadmin
2.11.3
phpmyadminphpmyadmin
2.11.3.0
phpmyadminphpmyadmin
2.11.4.0
phpmyadminphpmyadmin
2.11.5.0
phpmyadminphpmyadmin
2.11.5.1
phpmyadminphpmyadmin
2.11.5.2
phpmyadminphpmyadmin
2.11.6.0
phpmyadminphpmyadmin
2.11.7
phpmyadminphpmyadmin
2.11.7.0
phpmyadminphpmyadmin
2.11.8
phpmyadminphpmyadmin
2.11.9.0
phpmyadminphpmyadmin
2.11.9.1
phpmyadminphpmyadmin
2.11.9.2
phpmyadminphpmyadmin
2.11.9.3
phpmyadminphpmyadmin
3.0.0
phpmyadminphpmyadmin
3.0.1
phpmyadminphpmyadmin
3.1.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
bookworm
4:5.2.1+dfsg-1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
karmic
not-affected
jaunty
not-affected
intrepid
Fixed 4:2.11.8.1-1ubuntu0.1
released
hardy
Fixed 4:2.11.3-1ubuntu1.2
released
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://osvdb.org/50894
http://secunia.com/advisories/33076
http://secunia.com/advisories/33146
http://secunia.com/advisories/33246
http://secunia.com/advisories/33822
http://secunia.com/advisories/33912
http://security.gentoo.org/glsa/glsa-200903-32.xml
http://securityreason.com/securityalert/4753
http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
http://www.debian.org/security/2009/dsa-1723
http://www.openwall.com/lists/oss-security/2009/02/12/1
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
http://www.securityfocus.com/bid/32720
http://www.vupen.com/english/advisories/2008/3402
http://www.vupen.com/english/advisories/2008/3501
https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
https://www.exploit-db.com/exploits/7382
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://osvdb.org/50894
http://secunia.com/advisories/33076
http://secunia.com/advisories/33146
http://secunia.com/advisories/33246
http://secunia.com/advisories/33822
http://secunia.com/advisories/33912
http://security.gentoo.org/glsa/glsa-200903-32.xml
http://securityreason.com/securityalert/4753
http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
http://www.debian.org/security/2009/dsa-1723
http://www.openwall.com/lists/oss-security/2009/02/12/1
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
http://www.securityfocus.com/bid/32720
http://www.vupen.com/english/advisories/2008/3402
http://www.vupen.com/english/advisories/2008/3501
https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
https://www.exploit-db.com/exploits/7382
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html