PT-2015-6339 · Phpmyadmin+1 · Phpmyadmin+1
Madhura Jayaratne
·
Published
2014-05-05
·
Updated
2024-06-15
·
CVE-2015-3902
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 4.0.x through 4.0.10.9
phpMyAdmin versions 4.2.x through 4.2.13.2
phpMyAdmin versions 4.3.x through 4.3.13.0
phpMyAdmin versions 4.4.x through 4.4.6.0
Description
The issue allows remote attackers to hijack the authentication of administrators for requests that modify the configuration file due to multiple cross-site request forgery (CSRF) vulnerabilities in the setup process.
Recommendations
For phpMyAdmin versions 4.0.x through 4.0.10.9, update to version 4.0.10.10 or later.
For phpMyAdmin versions 4.2.x through 4.2.13.2, update to version 4.2.13.3 or later.
For phpMyAdmin versions 4.3.x through 4.3.13.0, update to version 4.3.13.1 or later.
For phpMyAdmin versions 4.4.x through 4.4.6.0, update to version 4.4.6.1 or later.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Phpmyadmin