CVE-2006-5116

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 2.9.1-rc1

Description The issue allows remote attackers to perform unauthorized actions as another user due to multiple cross-site request forgery (CSRF) vulnerabilities. This is related to the direct setting of a token in the URL through dynamic variable evaluation and unsetting arbitrary variables via the REQUEST array. The affected files include libraries/common.lib.php, session.inc.php, and url generating.lib.php.

Recommendations For versions prior to 2.9.1-rc1, update to version 2.9.1-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive functions and variables to minimize the risk of exploitation. Avoid using the REQUEST array to unset arbitrary variables in the affected API endpoints until the issue is resolved.