FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSRF vulnerabilities

Affected packages
phpMyAdmin < 2.8.1

Details

VuXML ID 2ecd02e2-e864-11da-b9f4-00123ffe8333
Discovery 2006-05-20
Entry 2006-05-21

phpMyAdmin security team reports:

It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.

Such an issue is quite common in many PHP applications, and users should take care what links they follow. We consider these vulnerabilities to be quite dangerous.

References

CVE Name CVE-2006-1804
URL http://secunia.com/advisories/19659
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3