PT-2015-6339 · Phpmyadmin+1 · Phpmyadmin+1
Madhura Jayaratne
·
Publicado
2014-05-05
·
Atualizado
2024-06-15
·
CVE-2015-3902
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 4.0.x through 4.0.10.9
phpMyAdmin versions 4.2.x through 4.2.13.2
phpMyAdmin versions 4.3.x through 4.3.13.0
phpMyAdmin versions 4.4.x through 4.4.6.0
Description
The issue allows remote attackers to hijack the authentication of administrators for requests that modify the configuration file due to multiple cross-site request forgery (CSRF) vulnerabilities in the setup process.
Recommendations
For phpMyAdmin versions 4.0.x through 4.0.10.9, update to version 4.0.10.10 or later.
For phpMyAdmin versions 4.2.x through 4.2.13.2, update to version 4.2.13.3 or later.
For phpMyAdmin versions 4.3.x through 4.3.13.0, update to version 4.3.13.1 or later.
For phpMyAdmin versions 4.4.x through 4.4.6.0, update to version 4.4.6.1 or later.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Phpmyadmin