First published: Mon Oct 02 2006(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/phpmyadmin | 4:5.0.4+dfsg2-2+deb11u1 4:5.2.1+dfsg-1 | |
PhpMyAdmin | =2.8.1_dev | |
PhpMyAdmin | =2.8.3 | |
PhpMyAdmin | =2.8.0.2 | |
PhpMyAdmin | =2.9.0_dev | |
PhpMyAdmin | =2.8.0.1 | |
PhpMyAdmin | =2.8.1 | |
PhpMyAdmin | =2.8.0.3 | |
PhpMyAdmin | =2.8.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-5116 has a moderate severity level due to its cross-site request forgery vulnerabilities.
To fix CVE-2006-5116, upgrade to phpMyAdmin version 2.9.1-rc1 or later.
CVE-2006-5116 affects multiple phpMyAdmin versions including 2.8.1_dev, 2.8.3, and 2.9.0_dev.
Yes, CVE-2006-5116 allows remote attackers to perform unauthorized actions as another user.
Yes, CVE-2006-5116 specifically highlights multiple cross-site request forgery vulnerabilities.