CVE-2009-4605

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
phpmyadminphpmyadmin
2.11.0
phpmyadminphpmyadmin
2.11.1.0
phpmyadminphpmyadmin
2.11.1.1
phpmyadminphpmyadmin
2.11.1.2
phpmyadminphpmyadmin
2.11.2.0
phpmyadminphpmyadmin
2.11.2.1
phpmyadminphpmyadmin
2.11.2.2
phpmyadminphpmyadmin
2.11.3.0
phpmyadminphpmyadmin
2.11.4.0
phpmyadminphpmyadmin
2.11.5.0
phpmyadminphpmyadmin
2.11.5.1
phpmyadminphpmyadmin
2.11.5.2
phpmyadminphpmyadmin
2.11.6.0
phpmyadminphpmyadmin
2.11.7.0
phpmyadminphpmyadmin
2.11.7.1
phpmyadminphpmyadmin
2.11.8.0
phpmyadminphpmyadmin
2.11.9.0
phpmyadminphpmyadmin
2.11.9.1
phpmyadminphpmyadmin
2.11.9.2
phpmyadminphpmyadmin
2.11.9.3
phpmyadminphpmyadmin
2.11.9.4
phpmyadminphpmyadmin
2.11.9.5
phpmyadminphpmyadmin
2.11.9.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
bookworm
4:5.2.1+dfsg-1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
References
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
http://secunia.com/advisories/38211
http://secunia.com/advisories/39503
http://www.debian.org/security/2010/dsa-2034
http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
http://www.vupen.com/english/advisories/2010/0910
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/scripts/setup.php?r1=13149&r2=13148&pathrev=13149
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
http://secunia.com/advisories/38211
http://secunia.com/advisories/39503
http://www.debian.org/security/2010/dsa-2034
http://www.phpmyadmin.net/home_page/security/PMASA-2010-3.php
http://www.vupen.com/english/advisories/2010/0910