oss-sec mailing list archives
Re: CVE-2008-5621 is a duplicate (was: Re: [oss-security] CVE request: phpMyAdmin < 3.1.1.0 (SQL injection through XSRF on several pages ))
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 19 Mar 2009 20:09:49 -0400 (EDT)
On Thu, 12 Feb 2009, Thijs Kinkhorst wrote:
I propose that CVE-2008-5622 gets marked as a duplicate of CVE-2008-5621 or rejected.
Agreed. CVE-2008-5621 is preserved. - Steve ====================================================== Name: CVE-2008-5621 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621 Reference: MILW0RM:7382 Reference: URL:http://www.milw0rm.com/exploits/7382 Reference: CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php Reference: DEBIAN:DSA-1723 Reference: URL:http://www.debian.org/security/2009/dsa-1723 Reference: FEDORA:FEDORA-2008-11221 Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html Reference: FEDORA:FEDORA-2008-11221 Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html Reference: SUSE:SUSE-SR:2009:003 Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html Reference: BID:32720 Reference: URL:http://www.securityfocus.com/bid/32720 Reference: VUPEN:ADV-2008-3402 Reference: URL:http://www.frsirt.com/english/advisories/2008/3402 Reference: SECUNIA:33076 Reference: URL:http://secunia.com/advisories/33076 Reference: SECUNIA:33146 Reference: URL:http://secunia.com/advisories/33146 Reference: SECUNIA:33912 Reference: URL:http://secunia.com/advisories/33912 Reference: SECUNIA:33822 Reference: URL:http://secunia.com/advisories/33822 Reference: SREASON:4753 Reference: URL:http://securityreason.com/securityalert/4753 Reference: XF:phpmyadmin-tblstructure-csrf(47168) Reference: URL:http://xforce.iss.net/xforce/xfdb/47168 Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code. ====================================================== Name: CVE-2008-5622 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5621. Reason: This candidate is a duplicate of CVE-2008-5621. Notes: All CVE users should reference CVE-2008-5621 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Current thread:
- CVE-2008-5621 is a duplicate (was: Re: [oss-security] CVE request: phpMyAdmin < 3.1.1.0 (SQL injection through XSRF on several pages )) Thijs Kinkhorst (Feb 12)
- Re: CVE-2008-5621 is a duplicate (was: Re: [oss-security] CVE request: phpMyAdmin < 3.1.1.0 (SQL injection through XSRF on several pages )) Steven M. Christey (Mar 19)