Launchpad.net

CVE 2008-5621

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

Related bugs and status

CVE-2008-5621 (Candidate) is related to these bugs:

Bug #306699: please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Summary				In	Importance	Status
	306699	please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable		phpmyadmin (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
FEDORA: FEDORA-2008-11221
BID: 32720
SECUNIA: 33076
SECUNIA: 33146
SREASON: 4753
SUSE: SUSE-SR:2009:003
DEBIAN: DSA-1723
SECUNIA: 33912
SECUNIA: 33822
MLIST: [oss-security] 2009021...
GENTOO: GLSA-200903-32
CONFIRM: http://typo3.org/teams...
OSVDB: 50894
SECUNIA: 33246
VUPEN: ADV-2008-3501
VUPEN: ADV-2008-3402
XF: phpmyadmin-tblstructur...
EXPLOIT-DB: 7382