DescriptionCross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 126.96.36.199 and 3.x before 188.8.131.52 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
- SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.0|| |