Vulnerability Description
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpmyadmin | Phpmyadmin | <= 2.11.7.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
- http://secunia.com/advisories/31263Vendor Advisory
- http://secunia.com/advisories/31312
- http://secunia.com/advisories/32834
- http://www.debian.org/security/2008/dsa-1641
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
- http://www.securityfocus.com/bid/30420
- http://www.vupen.com/english/advisories/2008/2226/references
- http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdfExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44050
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
- http://secunia.com/advisories/31263Vendor Advisory
FAQ
What is CVE-2008-3456?
CVE-2008-3456 is a vulnerability with a CVSS score of 6.4 (MEDIUM). phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing acti...
How severe is CVE-2008-3456?
CVE-2008-3456 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3456?
Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin.