// For flags

CVE-2006-5116

 

Severity Score

5.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.

Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en phpMyAdmin anteror a 2.9.1-rc1 rem realizar acciones no autorizadas como otro usuario (1) estableciendo directamente un testigo en el URL mediante evaluación dinámica de variable y (2) cambiar variables de su elección mediante el array _REQUEST, relacionado con (a) libraries/common.lib.php, (b) session.inc.php, y (3) url_generating.lib.php. NOTA: el vector de la función unset de PHP se trata en CVE-2006-3017.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-10-02 CVE Reserved
  • 2006-10-02 CVE Published
  • 2023-11-28 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.0.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.0.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.0.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.0.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.0.3
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.0.3"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.1_dev
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.1_dev"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.3
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.3"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.8.4
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.8.4"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.9.0_dev
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.9.0_dev"
-
Affected