CVE-2009-4605: phpMyAdmin vulnerability

6 documents, 6 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.5% (top 35.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 19
Latest update: May 2

Description

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/phpmyadmin < phpmyadmin 4:3.2.4-1 (bookworm)
Debian: phpmyadmin/phpmyadmin < 4:3.2.4-1 (+3)
NVD: phpmyadmin/phpmyadmin, 23 versions (+22)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-2vcq-4wwg-6wg7: scripts/setup (2022-05-02)
OSV: CVE-2009-4605: scripts/setup (2010-01-19)

📋 Vendor Advisories (2)

Red Hat: phpMyAdmin 2.x multiple vulnerabilities (2010-01-15)
Debian: CVE-2009-4605: phpmyadmin - scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 cal... (2009)

💬 Community (1)

Bugzilla: CVE-2008-7251 CVE-2008-7252 CVE-2009-4605 phpMyAdmin 2.x multiple vulnerabilities (2010-01-20)