Description

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.

Remediation

References

CVE-2008-3197

Related Vulnerabilities

MyBB Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2022-39265)

WordPress Plugin YT-Audio:Audio Hosting From YouTube in WordPress 'v' Parameter Cross-Site Scripting (1.7)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Security Bypass (16.26.6)

Zope Web Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (CVE-2021-33507)

Severity

Low

Classification

CVE-2008-3197 CWE-352

Tags

Missing Update Known Vulnerabilities