LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

phpmyadmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096
Created:September 22, 2008 Updated:March 19, 2009
Description:

From the Debian advisory:

CVE-2008-4096: Remote authenticated users could execute arbitrary code on the host running phpMyAdmin through manipulation of a script parameter.

CVE-2008-3457: Cross site scripting through the setup script was possible in rare circumstances.

CVE-2008-3456: Protection has been added against remote websites loading phpMyAdmin into a frameset.

CVE-2008-3197: Cross site request forgery allowed remote attackers to create a new database, but not perform any other action on it.

Alerts:
Gentoo 200903-32 2009-03-18
SuSE SUSE-SR:2008:026 2008-11-24
SuSE SUSE-SR:2009:003 2009-02-02
Mandriva MDVSA-2008:202 2008-09-23
Debian DSA-1641-1 2008-09-20
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds