CVE-2008-3456

phpMyAdmin < 2.11.8 - Cross-Site Framing

Title source: llm
STIX 2.1

Description

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44050
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32834
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2226/references
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1641
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31312
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31263
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30420

Scores

EPSS 0.0171
EPSS Percentile 82.6%

Details

CWE
CWE-59
Status published
Products (42)
phpmyadmin/phpmyadmin 2.0
phpmyadmin/phpmyadmin 2.0.0
phpmyadmin/phpmyadmin 2.0.1
phpmyadmin/phpmyadmin 2.0.2
phpmyadmin/phpmyadmin 2.0.3
phpmyadmin/phpmyadmin 2.0.4
phpmyadmin/phpmyadmin 2.0.5
phpmyadmin/phpmyadmin 2.1
phpmyadmin/phpmyadmin 2.1.0
phpmyadmin/phpmyadmin 2.1.1
... and 32 more
Published Aug 04, 2008
Tracked Since Feb 18, 2026