XSRF/CSRF for creating a database and modifying user charset
We received an advisory from Aung Khant (YGN Ethical Hacker Group), and we wish to thank him for his work. A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set.
We consider this vulnerability to be serious.
Versions before 126.96.36.199.
Upgrade to phpMyAdmin 188.8.131.52 or newer.
These advisories are available from the reporter:
Assigned CVE ids: CVE-2008-3197
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.