Upstream information
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 6.8 |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- openSUSE-SU-2015:1191-1, published Sat, 4 Jul 2015 12:05:49 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA phpMyAdmin-4.6.5.2-1.1 |
SUSE Timeline for this CVE
CVE page created: Wed May 13 22:16:36 2015CVE page last modified: Fri Oct 7 12:47:09 2022