FKIE_CVE-2008-5621

Vulnerability from fkie_nvd - Published: 2008-12-17 02:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
cve@mitre.orghttp://osvdb.org/50894
cve@mitre.orghttp://secunia.com/advisories/33076Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33146Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33246Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33822Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33912Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200903-32.xml
cve@mitre.orghttp://securityreason.com/securityalert/4753
cve@mitre.orghttp://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1723
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2009/02/12/1
cve@mitre.orghttp://www.phpmyadmin.net/home_page/security/PMASA-2008-10.phpPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/32720Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3402
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3501Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/47168
cve@mitre.orghttps://www.exploit-db.com/exploits/7382
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50894
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33076Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33146Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33246Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33822Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33912Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200903-32.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4753
af854a3a-2127-422b-91ae-364da2661108http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1723
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/02/12/1
af854a3a-2127-422b-91ae-364da2661108http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.phpPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32720Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3402
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3501Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/7382
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
Impacted products
Vendor Product Version
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.0.0
phpmyadmin phpmyadmin 2.11.1
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 2.11.2
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.3
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 2.11.7
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 2.11.8
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 3.1.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98FF47C-8BA8-40E1-98F5-743CAD5DC52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "962B49A9-380D-4B19-929B-50793EF621C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B9F52BC-AC6A-41BB-8276-6176FA068929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BC82C85-C9CF-424D-A07A-E841F7AC1904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0549FC5-B8E8-455D-867B-BAF321DE7004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DA6D40-2D3A-4490-B4E6-1367C585ED9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E351CA2-71DB-4025-8477-24DFE5349195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AB221E-3DFA-43E4-9DBA-5565F81C0120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB774D1-8B5D-4118-8A5B-D7D14D7DE162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C10F7C9-FAAA-4D05-8CB2-F5CB397F8410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "54669C6E-C13B-4602-9CC1-53B24CB897FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8AAB78-8460-43BB-9326-0395F7496EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3329598B-BEA5-4119-A558-DAA432239A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5BCF7D-43FC-459C-8564-F0DCDC301FC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA6A75C9-C695-45DF-9526-8DEA506FB21F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03246EF4-F805-4C1C-9E6C-D85AFBD2D168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF4BA83-50C0-4D90-9755-CC99A0FF987E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE588389-7B4F-4949-BB7A-233C6BE31859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E709A6B-B580-414B-8CEE-8FF99F8409C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9AA2E6-CF57-40A1-9A9C-B704D8B009F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26E7D37-FA99-42EA-8E19-ED2343E8E70A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A982E152-5A20-4A3A-9A98-6CF9EEF9141A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA11353-1DD1-4593-84E8-1D3CBB2C2166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0C19FB-60DF-440F-9A32-B9C62EBA9836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED38B88-A4D2-40B4-A5A8-A9FD1BCAAF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56908EFC-CCA8-4B22-8F8F-FB23C934D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBEBBAAF-BAA7-40E9-A0FF-F8618A3ED2D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter.  NOTE: other unspecified pages are also reachable, but they have the same root cause.  NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en phpMyAdmin v2.11.x anterior a v2.11.9.4 y v3.x anterior a v3.1.1.0; permite a atacantes remotos realizar acciones no autorizadas como administrador a trav\u00e9s de un enlace o etiqueta IMG a tbl_structure.php con un par\u00e1metro \"table\" (tabla) modificado. NOTA: esto puede ser utilizar para realizar ataques de inyecci\u00f3n SQL y ejecutar c\u00f3digo arbitrariamente."
    }
  ],
  "id": "CVE-2008-5621",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-12-17T02:30:00.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50894"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33076"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33146"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33246"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33822"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33912"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200903-32.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4753"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1723"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2009/02/12/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32720"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3402"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3501"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47168"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7382"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200903-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/02/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/32720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.