FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSRF vulnerabilities

Affected packages
phpMyAdmin < 2.9.0.1

Details

VuXML ID 19b17ab4-51e0-11db-a5ae-00508d6a62df
Discovery 2006-09-28
Entry 2006-10-02
Modified 2006-10-03

phpMyAdmin team reports:

We received a security advisory from Stefan Esser ([email protected]) and we wish to thank him for his work.

It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.

[source]

References

Bugtraq ID 20253
CVE Name CVE-2006-5116
CVE Name CVE-2006-5117
URL http://secunia.com/advisories/22126/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.

OSZAR »