
Hardened-PHP Project:
Advisory - phpMyAdmin Multiple CSRF Vulnerabilities
Oct 02, 2006 @ 09:51:00

The Hardened-PHP Project has issued another advisory today, this time affecting the popular database administration package phpMyAdmin.

During an audit of phpMyAdmin's protection against CSRF: Cross Site Request Forgeries we discovered that there were multiple ways to bypass the protection.

The failure of phpMyAdmin's CSRF protection obviously means that a potential attacker can use CSRF attacks to trick the browser of a phpMyAdmin user into executing any kind of SQL query on the victim's database server.

The advisory names the source of the problem: the random token kept in the user's session, whose check could be bypassed to gain unauthorized access to an account. Their recommendation is to update to the latest version of phpMyAdmin ( as of the time of this post) to resolve the issue.
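For readers unfamiliar with the mechanism the advisory refers to, here is an added example (not phpMyAdmin's code, and not a reproduction of the specific bypasses the advisory describes) of the synchronizer-token pattern: a random token stored in the session, echoed into each form, and compared on every state-changing request. The function names, the `token` field name and the "run query" handler are hypothetical; it assumes PHP 7 or later for `random_bytes` and `hash_equals`.

```php
<?php
// Added example of session-token CSRF protection (not phpMyAdmin's code).
// Assumes PHP >= 7.0 for random_bytes() and hash_equals().
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe inside an attribute.
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

/** Hidden input to embed in every form that performs a state-changing action. */
function csrf_field(): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * True only for a POST whose submitted token matches the session token.
 * Each condition closes one class of bypass:
 *  - non-POST requests are refused, so a forged link or <img> cannot trigger the action;
 *  - a missing or empty token is refused rather than treated as "nothing to check";
 *  - hash_equals() compares strictly and in constant time (no == type juggling).
 */
function csrf_verify(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $submitted = $post['token'] ?? null;
    $expected  = $session[CSRF_SESSION_KEY] ?? null;
    if (!is_string($submitted) || !is_string($expected) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/** Hypothetical handler for a "run SQL" endpoint: verify before acting. */
function handle_sql_request(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!csrf_verify($_SERVER, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Missing or invalid CSRF token');
    }
    // Only past this point is it safe to act on $_POST['sql'].
}

// Constructed requests (not real traffic) exercising the verifier from the CLI:
// a GET with a valid token, a POST with no token, a POST with a wrong token,
// and a POST with the matching token. Only the last one is accepted.
$session = [CSRF_SESSION_KEY => str_repeat('a', 64)];
var_dump(csrf_verify(['REQUEST_METHOD' => 'GET'],  ['token' => str_repeat('a', 64)], $session));
var_dump(csrf_verify(['REQUEST_METHOD' => 'POST'], [],                               $session));
var_dump(csrf_verify(['REQUEST_METHOD' => 'POST'], ['token' => 'x'],                 $session));
var_dump(csrf_verify(['REQUEST_METHOD' => 'POST'], ['token' => str_repeat('a', 64)], $session));
```

The point of passing `$_SERVER`, `$_POST` and `$_SESSION` explicitly is that the check can be unit-tested with constructed arrays, as the trailing `var_dump` calls do; a protection that is only ever exercised through a live browser is exactly the kind that quietly stops covering some request path.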

tagged: phpmyadmin csrf vulnerability multiple advisory