FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- cross-site request forgery vulnerability

Affected packages
phpMyAdmin211 < 2.11.9.4
phpMyAdmin < 3.1.1

Details

VuXML ID 54f72962-c7ba-11dd-a721-0030843d3802
Discovery 2008-12-09
Entry 2008-12-11
Modified 2010-05-02

The phpMyAdmin Team reports:

A logged-in user can be subject to SQL injection through cross-site request forgery. Several scripts in phpMyAdmin are vulnerable, and the attack can be made through the table parameter.

References

CVE Name CVE-2008-5621
URL http://secunia.com/advisories/33076/
URL http://www.milw0rm.com/exploits/7382
URL http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php