CVE-2005-4450
phpMyAdmin 2.7.0 - Cross-Site Request Forgery via server_privileges.php
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.
References (1)
Core 1
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18113
Scores
EPSS
0.0043
EPSS Percentile
62.8%
Details
Status
published
Products (1)
phpmyadmin/phpmyadmin
2.7.0_pl1
Published
Dec 21, 2005
Tracked Since
Feb 18, 2026