CVE-2009-4605

EUVD-2009-4571
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
phpmyadminphpmyadmin
2.11.0
phpmyadminphpmyadmin
2.11.1.0
phpmyadminphpmyadmin
2.11.1.1
phpmyadminphpmyadmin
2.11.1.2
phpmyadminphpmyadmin
2.11.2.0
phpmyadminphpmyadmin
2.11.2.1
phpmyadminphpmyadmin
2.11.2.2
phpmyadminphpmyadmin
2.11.3.0
phpmyadminphpmyadmin
2.11.4.0
phpmyadminphpmyadmin
2.11.5.0
phpmyadminphpmyadmin
2.11.5.1
phpmyadminphpmyadmin
2.11.5.2
phpmyadminphpmyadmin
2.11.6.0
phpmyadminphpmyadmin
2.11.7.0
phpmyadminphpmyadmin
2.11.7.1
phpmyadminphpmyadmin
2.11.8.0
phpmyadminphpmyadmin
2.11.9.0
phpmyadminphpmyadmin
2.11.9.1
phpmyadminphpmyadmin
2.11.9.2
phpmyadminphpmyadmin
2.11.9.3
phpmyadminphpmyadmin
2.11.9.4
phpmyadminphpmyadmin
2.11.9.5
phpmyadminphpmyadmin
2.11.9.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bookworm
4:5.2.1+dfsg-1
fixed
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
References
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
http://secunia.com/advisories/38211
http://secunia.com/advisories/39503
http://www.debian.org/security/2010/dsa-2034
http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
http://www.vupen.com/english/advisories/2010/0910
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
http://secunia.com/advisories/38211
http://secunia.com/advisories/39503
http://www.debian.org/security/2010/dsa-2034
http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
http://www.vupen.com/english/advisories/2010/0910