CVE-2008-3456 — Link Following in Phpmyadmin

CWE-59 — Link Following5 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

1.7%

top 17.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 4

Latest updateMay 2

Description

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.11.8~rc1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.11.8~rc1-1+3

▶NVDphpmyadmin/phpmyadmin2.11.7.0+41

🔴Vulnerability Details

GHSA

GHSA-xqqq-qrvp-j2jg: phpMyAdmin before 2↗2022-05-02

▶

OSV

CVE-2008-3456: phpMyAdmin before 2↗2008-08-04

▶

📋Vendor Advisories

Debian

CVE-2008-3456: phpmyadmin - phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using fram...↗2008

▶

Red Hat

phpMyAdmin: Cross-site Framing; XSS in setup.php (PMASA-2008-6 - CVE-2008-3456, CVE-2008-3457)↗

▶