DescriptionCross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 18.104.22.168 and 3.x before 22.214.171.124 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Novell/SUSE informationNovell Bugzilla entry: 457889 SUSE Security Advisories:
- SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.0|| |