FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSRF vulnerabilities

Affected packages
phpMyAdmin < 2.9.0.1

Details

VuXML ID 19b17ab4-51e0-11db-a5ae-00508d6a62df
Discovery 2006-09-28
Entry 2006-10-02
Modified 2006-10-03

phpMyAdmin team reports:

We received a security advisory from Stefan Esser (sesser@hardened-php.net) and we wish to thank him for his work.

It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.

References

Bugtraq ID 20253
CVE Name CVE-2006-5116
CVE Name CVE-2006-5117
URL http://secunia.com/advisories/22126/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5