what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2008-5621

Status Candidate

Overview

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

Related Files

Gentoo Linux Security Advisory 200903-32
Posted Mar 19, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-32 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which may allow for remote code execution. Versions less than 2.11.9.4 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-6942, CVE-2007-5977, CVE-2008-4096, CVE-2008-4775, CVE-2008-5621, CVE-2008-5622
SHA-256 | 84b576d5d56dcb25d0b1e8a4382cbe137d6660a1b4ff09053f94cae238c4e503
Mandriva Linux Security Advisory 2009-026
Posted Feb 26, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-026-1 - phpMyAdmin suffered from cross site scripting, cross site request forgery, and SQL injection vulnerabilities. This update provide the fix for these security issues. The previous update packages wasn't signed, this time they are.

tags | advisory, vulnerability, xss, sql injection, csrf
systems | linux, mandriva
advisories | CVE-2008-4775, CVE-2008-5621, CVE-2008-5622
SHA-256 | cb03b4a7f45f173639487a0d4ba5713cd6777f5c6fad1c3fcf62282aa78368ca
Debian Linux Security Advisory 1723-1
Posted Feb 12, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1723-1 - Michael Brooks discovered that phpMyAdmin, a tool to administrate MySQL over the web, performs insufficient input sanitizing allowing a user assisted remote attacker to execute code on the webserver.

tags | advisory, remote, web
systems | linux, debian
advisories | CVE-2008-5621
SHA-256 | 0ce8623c3eb2df117c5ee0aa0b3dbaa95f8eddf9d15ced49b7924312e3411fd2
Mandriva Linux Security Advisory 2009-026
Posted Jan 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-026 - phpMyAdmin has been updated to mitigate various cross site scripting and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2008-4775, CVE-2008-5621, CVE-2008-5622
SHA-256 | 8133881ab97608f592995b3f37b5dc7a0dce87a6f4a875a4915667794f46113e
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close