Phpmyadmin : Security Vulnerabilities, CVEs, Published In 2008 (Code Execution)
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
Max CVSS
6.0
EPSS Score
1.53%
Published
2008-12-17
Updated
2017-09-29
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
Max CVSS
8.5
EPSS Score
7.82%
Published
2008-09-18
Updated
2017-08-08
2 vulnerabilities found