Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x prior to 2.11.9.4 and 3.x prior to 3.1.1.0 allows remote malicious users to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 2.11.1.0 |
||
phpmyadmin phpmyadmin 2.11.1.1 |
||
phpmyadmin phpmyadmin 2.11.3.0 |
||
phpmyadmin phpmyadmin 2.11.4.0 |
||
phpmyadmin phpmyadmin 2.11.9.0 |
||
phpmyadmin phpmyadmin 2.11.9.1 |
||
phpmyadmin phpmyadmin 2.11.0 |
||
phpmyadmin phpmyadmin 2.11.2.0 |
||
phpmyadmin phpmyadmin 2.11.2.1 |
||
phpmyadmin phpmyadmin 2.11.6.0 |
||
phpmyadmin phpmyadmin 2.11.7 |
||
phpmyadmin phpmyadmin 3.1.0.0 |
||
phpmyadmin phpmyadmin 3.0.1 |
||
phpmyadmin phpmyadmin 2.11.1.2 |
||
phpmyadmin phpmyadmin 2.11.2 |
||
phpmyadmin phpmyadmin 2.11.5.0 |
||
phpmyadmin phpmyadmin 2.11.5.1 |
||
phpmyadmin phpmyadmin 2.11.5.2 |
||
phpmyadmin phpmyadmin 2.11.9.2 |
||
phpmyadmin phpmyadmin 2.11.9.3 |
||
phpmyadmin phpmyadmin 2.11.0.0 |
||
phpmyadmin phpmyadmin 2.11.1 |
||
phpmyadmin phpmyadmin 2.11.2.2 |
||
phpmyadmin phpmyadmin 2.11.3 |
||
phpmyadmin phpmyadmin 2.11.7.0 |
||
phpmyadmin phpmyadmin 2.11.8 |
||
phpmyadmin phpmyadmin 3.0.0 |