Bugzilla – Bug 11899
phpMyAdmin XSRF vulnerabilities
Last modified: 2006-06-11 11:02:49 UTC
phpMyAdmin security announcement PMASA-2006-3

Announcement-ID: PMASA-2006-3
Date: 2006-05-20

Summary:
XSRF vulnerabilities

Description:
It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.

Severity:
Such an issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite dangerous.

Affected versions:
Some versions previous to 2.8.1 suffer from this vulnerability.

Solution:
Upgrade to phpMyAdmin 2.8.1.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804

For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.

---

Fixed in devel and test grimoire.
p4 changes 79634 and 79635
integrated to stable-rc and stable p4 describe 79643
sm-security note [SMGLSA-2006-27] http://lists.ibiblio.org/pipermail/sm-security/2006-May/000493.html