// For flags

CVE-2008-5621

phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en phpMyAdmin v2.11.x anterior a v2.11.9.4 y v3.x anterior a v3.1.1.0; permite a atacantes remotos realizar acciones no autorizadas como administrador a través de un enlace o etiqueta IMG a tbl_structure.php con un parámetro "table" (tabla) modificado. NOTA: esto puede ser utilizar para realizar ataques de inyección SQL y ejecutar código arbitrariamente.

phpMyAdmin suffered from cross site scripting, cross site request forgery, and SQL injection vulnerabilities. This update provide the fix for these security issues. The previous update packages wasn't signed, this time they are.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-12-16 CVE Reserved
  • 2008-12-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-05-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.0.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.0.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.1.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.1.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.1.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.2.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.2.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.2.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.3
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.3"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.3.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.3.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.4.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.4.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.5.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.5.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.5.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.6.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.6.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.7
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.7"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.7.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.7.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.8
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.8"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.9.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.9.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.9.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.9.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.9.2
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.9.2"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 2.11.9.3
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.9.3"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 3.0.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "3.0.0"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 3.0.1
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "3.0.1"
-
Affected
Phpmyadmin
Search vendor "Phpmyadmin"
 Phpmyadmin
Search vendor "Phpmyadmin" for product "Phpmyadmin"
 3.1.0.0
Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "3.1.0.0"
-
Affected