ID CVE-2006-5116
Summary Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev
CVSS
Base: 5.1 (as of 03-10-2006 - 13:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_19B17AB451E011DBA5AE00508D6A62DF.NASL
    description phpMyAdmin team reports : We received a security advisory from Stefan Esser (sesser@hardened-php.net) and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 22487
    published 2006-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22487
    title FreeBSD : phpmyadmin -- CSRF vulnerabilities (19b17ab4-51e0-11db-a5ae-00508d6a62df)
  • NASL family CGI abuses
    NASL id PHPMYADMIN_291.NASL
    description The version of phpMyAdmin installed on the remote host allows an unauthenticated attacker to bypass variable blacklisting in its globalization routine and destroy, for example, the contents of session variables.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 22512
    published 2006-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22512
    title phpMyAdmin < 2.9.1 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1207.NASL
    description The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, please find below the original advisory text : Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3621 CRLF injection vulnerability allows remote attackers to conduct HTTP response splitting attacks. - CVE-2005-3665 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. - CVE-2006-1678 Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via scripts in the themes directory. - CVE-2006-2418 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the db parameter of footer.inc.php. - CVE-2006-5116 A remote attacker could overwrite internal variables through the _FILES global variable.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23656
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23656
    title Debian DSA-1207-2 : phpmyadmin - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PHPMYADMIN-2300.NASL
    description This patch upgrades the phpMyAdmin package to version 2.9.1.1, including fixes for the security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27395
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27395
    title openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2300)
refmap via4
bid 20253
bugtraq 20061001 Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities
confirm
debian DSA-1207
misc http://www.hardened-php.net/advisory_072006.130.html
secunia
  • 22126
  • 22781
  • 23086
sreason 1677
suse SUSE-SA:2006:071
vim 20061003 Concerning CSRF in phpMyAdmin 2.9.0.1 (CVE-2006-5116)
xf phpmyadmin-multiple-csrf(29301)
Last major update 05-09-2008 - 17:11
Published 03-10-2006 - 00:03
Last modified 17-10-2018 - 17:41
Back to Top