Web application abuses : phpMyAdmin Multiple CSRF SQL Injection Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800210

Categoría: Web application abuses

Título: phpMyAdmin Multiple CSRF SQL Injection Vulnerabilities

Resumen: phpMyAdmin is prone to multiple CSRF Injection vulnerability.

Descripción: Summary:
phpMyAdmin is prone to multiple CSRF Injection vulnerability.

Vulnerability Insight:
This flaw is due to failure in sanitizing user-supplied data before being
used in the SQL queries via a link or IMG tag to tbl_structure.php with a modified table parameter.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary codes in the
context of the application and can compromise database, modify the data or can compromise the whole web application.

Affected Software/OS:
phpMyAdmin, phpMyAdmin version 2.11 to 2.11.9.3 and 3.0 to 3.1.0.9.

Solution:
Upgrade to version 2.11.9.4 or 3.1.1.0 or later.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5621
BugTraq ID: 32720
http://www.securityfocus.com/bid/32720
Debian Security Information: DSA-1723 (Google Search)
http://www.debian.org/security/2009/dsa-1723
https://www.exploit-db.com/exploits/7382
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
http://security.gentoo.org/glsa/glsa-200903-32.xml
http://www.openwall.com/lists/oss-security/2009/02/12/1
http://osvdb.org/50894
http://secunia.com/advisories/33076
http://secunia.com/advisories/33146
http://secunia.com/advisories/33246
http://secunia.com/advisories/33822
http://secunia.com/advisories/33912
http://securityreason.com/securityalert/4753
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.vupen.com/english/advisories/2008/3402
http://www.vupen.com/english/advisories/2008/3501
XForce ISS Database: phpmyadmin-tblstructure-csrf(47168)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47168

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800210
Categoría:	Web application abuses
Título:	phpMyAdmin Multiple CSRF SQL Injection Vulnerabilities
Resumen:	phpMyAdmin is prone to multiple CSRF Injection vulnerability.
Descripción:	Summary: phpMyAdmin is prone to multiple CSRF Injection vulnerability. Vulnerability Insight: This flaw is due to failure in sanitizing user-supplied data before being used in the SQL queries via a link or IMG tag to tbl_structure.php with a modified table parameter. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the application and can compromise database, modify the data or can compromise the whole web application. Affected Software/OS: phpMyAdmin, phpMyAdmin version 2.11 to 2.11.9.3 and 3.0 to 3.1.0.9. Solution: Upgrade to version 2.11.9.4 or 3.1.1.0 or later. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5621 BugTraq ID: 32720 http://www.securityfocus.com/bid/32720 Debian Security Information: DSA-1723 (Google Search) http://www.debian.org/security/2009/dsa-1723 https://www.exploit-db.com/exploits/7382 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html http://security.gentoo.org/glsa/glsa-200903-32.xml http://www.openwall.com/lists/oss-security/2009/02/12/1 http://osvdb.org/50894 http://secunia.com/advisories/33076 http://secunia.com/advisories/33146 http://secunia.com/advisories/33246 http://secunia.com/advisories/33822 http://secunia.com/advisories/33912 http://securityreason.com/securityalert/4753 SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.vupen.com/english/advisories/2008/3402 http://www.vupen.com/english/advisories/2008/3501 XForce ISS Database: phpmyadmin-tblstructure-csrf(47168) https://exchange.xforce.ibmcloud.com/vulnerabilities/47168
Copyright	Copyright (C) 2008 Greenbone AG