PMASA-2006-3
Announcement-ID: PMASA-2006-3
Date: 2006-05-20
Summary
XSRF vulnerabilities
Description
It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
Severity
Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite dangerous.
Affected Versions
Some versions previous to 2.8.1 suffer from this vulnerability.
Solution
Upgrade to phpMyAdmin 2.8.1.
References
Assigned CVE IDs: CVE-2006-1804
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.
Announcements
PMASA-2016-71
PMASA-2016-70
PMASA-2016-69
PMASA-2016-68
PMASA-2016-67
PMASA-2016-66
PMASA-2016-65
PMASA-2016-64
PMASA-2016-63
PMASA-2016-62
PMASA-2016-61
PMASA-2016-60
PMASA-2016-59
PMASA-2016-58
PMASA-2016-57
PMASA-2016-56
PMASA-2016-55
PMASA-2016-54
PMASA-2016-53
PMASA-2016-52
PMASA-2016-51
PMASA-2016-50
PMASA-2016-49
PMASA-2016-48
PMASA-2016-47
PMASA-2016-46
PMASA-2016-45
PMASA-2016-44
PMASA-2016-43
PMASA-2016-42
PMASA-2016-41
PMASA-2016-40
PMASA-2016-39
PMASA-2016-38
PMASA-2016-37
PMASA-2016-36
PMASA-2016-35
PMASA-2016-34
PMASA-2016-33
PMASA-2016-32
PMASA-2016-31
PMASA-2016-30
PMASA-2016-29
PMASA-2016-28
PMASA-2016-27
PMASA-2016-26
PMASA-2016-25
PMASA-2016-24
PMASA-2016-23
PMASA-2016-22
PMASA-2016-21
PMASA-2016-20
PMASA-2016-19
PMASA-2016-18
PMASA-2016-17
PMASA-2016-16
PMASA-2016-15
PMASA-2016-14
PMASA-2016-13
PMASA-2016-12
PMASA-2016-11
PMASA-2016-10
PMASA-2016-9
PMASA-2016-8
PMASA-2016-7
PMASA-2016-6
PMASA-2016-5
PMASA-2016-4
PMASA-2016-3
PMASA-2016-2
PMASA-2016-1