CVE-2015-3902 — Cross-Site Request Forgery in Phpmyadmin

CWE-352 — Cross-Site Request Forgery7 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 55.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMay 26

Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.4.6.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.4.6.1-1+3

▶NVDphpmyadmin/phpmyadmin54 versions+53

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

GHSA-4458-ww2x-8wwm: Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4↗2022-05-17

▶

OSV

CVE-2015-3902: Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4↗2015-05-26

▶

📋Vendor Advisories

Debian

CVE-2015-3902: phpmyadmin - Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process ...↗2015

▶

💬Community

Bugzilla

CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup [epel-7]↗2015-05-18

▶

Bugzilla

CVE-2015-3902 phpMyAdmin4: phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup [epel-5]↗2015-05-18

▶

Bugzilla

CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup↗2015-05-14

▶