CVE-2015-3902

NameCVE-2015-3902
DescriptionMultiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-336-1, DSA-3382-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
phpmyadmin (PTS)bullseye4:5.0.4+dfsg2-2+deb11u1fixed
bookworm4:5.2.1+dfsg-1fixed
sid, trixie4:5.2.1+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpmyadminsourcesqueeze4:3.3.7-9DLA-336-1
phpmyadminsourcewheezy4:3.4.11.1-2+deb7u2DSA-3382-1
phpmyadminsourcejessie4:4.2.12-2+deb8u1DSA-3382-1
phpmyadminsource(unstable)4:4.4.6.1-1unimportant

Search for package or bug name: Reporting problems