Date: Thu, 19 Mar 2009 20:09:49 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Steven Christey <coley@...us.mitre.org>
Subject: Re: CVE-2008-5621 is a duplicate (was: Re: CVE request: phpMyAdmin < 18.104.22.168 (SQL injection through XSRF on several pages ))

On Thu, 12 Feb 2009, Thijs Kinkhorst wrote:

> I propose that CVE-2008-5622 gets marked as a duplicate of CVE-2008-5621
> or rejected.

Agreed. CVE-2008-5621 is preserved.

- Steve

======================================================
Name: CVE-2008-5621
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5621
Reference: MILW0RM:7382
Reference: URL:http://www.milw0rm.com/exploits/7382
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
Reference: DEBIAN:DSA-1723
Reference: URL:http://www.debian.org/security/2009/dsa-1723
Reference: FEDORA:FEDORA-2008-11221
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
Reference: FEDORA:FEDORA-2008-11221
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00784.html
Reference: SUSE:SUSE-SR:2009:003
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
Reference: BID:32720
Reference: URL:http://www.securityfocus.com/bid/32720
Reference: VUPEN:ADV-2008-3402
Reference: URL:http://www.frsirt.com/english/advisories/2008/3402
Reference: SECUNIA:33076
Reference: URL:http://secunia.com/advisories/33076
Reference: SECUNIA:33146
Reference: URL:http://secunia.com/advisories/33146
Reference: SECUNIA:33912
Reference: URL:http://secunia.com/advisories/33912
Reference: SECUNIA:33822
Reference: URL:http://secunia.com/advisories/33822
Reference: SREASON:4753
Reference: URL:http://securityreason.com/securityalert/4753
Reference: XF:phpmyadmin-tblstructure-csrf(47168)
Reference: URL:http://xforce.iss.net/xforce/xfdb/47168

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x
before 22.214.171.124 and 3.x before 126.96.36.199 allows remote attackers
to perform unauthorized actions as the administrator via a link or IMG
tag to tbl_structure.php with a modified table parameter. NOTE: other
unspecified pages are also reachable, but they have the same root
cause. NOTE: this can be leveraged to conduct SQL injection attacks
and execute arbitrary code.

======================================================
Name: CVE-2008-5622
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5622

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5621. Reason:
This candidate is a duplicate of CVE-2008-5621. Notes: All CVE users
should reference CVE-2008-5621 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.