NVD

Id
63722  
Name
CVE-2006-5116  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2016-12-20  
Published
2006-10-03  
Modified Date
2008-09-05  
Seq
2006-5116  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
332113 63722 CVE-2006-5116 20061003 Concerning CSRF in phpMyAdmin 2.9.0.1 (CVE-2006-5116)  View
332114 63722 CVE-2006-5116 SUSE-SA:2006:071  View
332115 63722 CVE-2006-5116 http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download  View
332116 63722 CVE-2006-5116 1677  View
332117 63722 CVE-2006-5116 DSA-1207  View
332118 63722 CVE-2006-5116 http://www.hardened-php.net/advisory_072006.130.html  View
332119 63722 CVE-2006-5116 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5  View
332120 63722 CVE-2006-5116 20061001 Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities  View
332121 63722 CVE-2006-5116 20253  View
332122 63722 CVE-2006-5116 phpmyadmin-multiple-csrf(29301)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
60977 JVNDB-2006-003243 phpMyAdmin におけるクロスサイトリクエストフォージェリの脆弱性 phpMyAdmin には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2006-5116 21218 CVE-2006-5116 63722 5.1 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-003243.html 2006-10-01 2012-12-20 View