Descriptionscripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SR:2010:001, published Tue, 19 Jan 2010 17:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE 11.0|| |