CVE-2009-4605

scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Published: Jan 19, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-4605
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpmyadmin / phpmyadmin	2.11.1.2	2.11.1.2.x
phpmyadmin / phpmyadmin	2.11.5.1	2.11.5.1.x
phpmyadmin / phpmyadmin	2.11.5.0	2.11.5.0.x
phpmyadmin / phpmyadmin	2.11.9.0	2.11.9.0.x
phpmyadmin / phpmyadmin	2.11.9.1	2.11.9.1.x
phpmyadmin / phpmyadmin	2.11.5.2	2.11.5.2.x
phpmyadmin / phpmyadmin	2.11.2.2	2.11.2.2.x
phpmyadmin / phpmyadmin	2.11.8.0	2.11.8.0.x
phpmyadmin / phpmyadmin	2.11.4.0	2.11.4.0.x
phpmyadmin / phpmyadmin	2.11.2.1	2.11.2.1.x
phpmyadmin / phpmyadmin	2.11.9.5	2.11.9.5.x
phpmyadmin / phpmyadmin	2.11.6.0	2.11.6.0.x
phpmyadmin / phpmyadmin	2.11.7.0	2.11.7.0.x
phpmyadmin / phpmyadmin	2.11.9.6	2.11.9.6.x
phpmyadmin / phpmyadmin	2.11.2.0	2.11.2.0.x
phpmyadmin / phpmyadmin	2.11.9.2	2.11.9.2.x
phpmyadmin / phpmyadmin	2.11.9.3	2.11.9.3.x
phpmyadmin / phpmyadmin	2.11.1.1	2.11.1.1.x
phpmyadmin / phpmyadmin	2.11.9.4	2.11.9.4.x
phpmyadmin / phpmyadmin	2.11.7.1	2.11.7.1.x
phpmyadmin / phpmyadmin	2.11.3.0	2.11.3.0.x
phpmyadmin / phpmyadmin	2.11.1.0	2.11.1.0.x
phpmyadmin / phpmyadmin	2.11.0	2.11.0.x

Vulnerability Database

289,697

CVE-2009-4605