FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- cross-site request forgery vulnerability

Affected packages
phpMyAdmin211 < 2.11.9.4
phpMyAdmin < 3.1.1

Details

VuXML ID 54f72962-c7ba-11dd-a721-0030843d3802
Discovery 2008-12-09
Entry 2008-12-11

The phpMyAdmin Team reports:

A logged-in user can be subject to SQL injection through cross-site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through the table parameter.

References

URL http://secunia.com/advisories/33076/
URL http://www.milw0rm.com/exploits/7382
URL http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php