Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-3197

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

Related bugs and status

CVE-2008-3197 (Candidate) is related to these bugs:

Bug #306699: please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Summary				In	Importance	Status
	306699	please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable		phpmyadmin (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008071...
MISC: http://yehg.net/lab/pr...
CONFIRM: http://www.phpmyadmin....
MISC: http://yehg.net/lab/pr...
CONFIRM: http://www.phpmyadmin....
SECUNIA: 31115
DEBIAN: DSA-1641
SUSE: SUSE-SR:2009:003
SECUNIA: 33822
MANDRIVA: MDVSA-2008:202
CONFIRM: http://sourceforge.net...
VUPEN: ADV-2008-2116
FEDORA: FEDORA-2008-6450
FEDORA: FEDORA-2008-6502
SECUNIA: 31097
XF: phpmyadmin-multi-csrf(...