## Critical Vulnerability Information

- **Vulnerability Name**: phpMyAdmin 3.1.0 (XSRF) SQL Injection Vulnerability
- **CVE ID**: CVE-2008-5621
- **Risk Level**: Medium
- **CWE ID**: CWE-352 (Cross-Site Request Forgery (CSRF))
- **CVSS Base Score**: 6.10
- **CVSS Impact Subscore**: 6.4/10
- **CVSS Exploitability Subscore**: 6.8/10
- **Risk Rating**
  - Impact Subscore: 6.4/10
  - Attack Complexity: Medium
  - Confidentiality Impact: Partial
  - Integrity Impact: Partial
  - Availability Impact: Partial

### Vulnerability Details

- **Affected Versions**: phpMyAdmin 3.1.0
- **Vulnerability Type**: SQL Injection via XSRF
- **Vulnerability Cause**: CSRF protection is incomplete, so attackers can use specific request parameters to bypass the safeguards and perform SQL injection.
- **Exploitation Method**:
  - The `db` and `table` parameters are used to carry out the SQL injection.
  - Protection is bypassed through the whitelist in the `PMA_remove_request_vars()` function; the injected SQL statements write their output to `backdoor.php`.
- **Impact**: Enables remote code execution; attackers can write backdoor files and gain control over the server.

### Vulnerability Details

- **SQL Injection Example**:

  ```sql
  SELECT COUNT(*) FROM `TABLES` where 0 union select char(60,63,112,104,...
  ```

- **Backdoor Paths**:
  - *nix: `/var/www/backdoor.php`
  - Windows: `c:/xampp/htdocs/backdoor.php`
- **Mitigation Recommendations**:
  - Update phpMyAdmin to the latest version.
  - Strengthen CSRF protection so that all request parameters are properly validated.
  - Regularly inspect the server for suspicious files to detect implanted backdoors.
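
A log check for the injection points named above, as an added example (not code from phpMyAdmin or from this advisory): it URL-decodes the `db` and `table` parameters of each request and flags values containing a backtick or the `union select` / `char(` fragments seen in the sample query. The log lines, the `example.php` path and the rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as the injection points.
WATCHED_PARAMS = ("db", "table")

# Fragments that have no place in a database or table name. The backtick
# closes the quoted identifier; the others mirror the advisory's sample query.
SUSPICIOUS = [
    ("backtick", re.compile(r"`")),
    ("union-select", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("char-call", re.compile(r"\bchar\s*\(", re.I)),
]

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def inspect_line(line):
    """Return a list of (param, rule) findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    params = parse_qs(query, keep_blank_values=True)  # values are URL-decoded
    findings = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            for rule, pattern in SUSPICIOUS:
                if pattern.search(value):
                    findings.append((name, rule))
    return findings


# Constructed sample lines (not from a real server); example.php is a
# placeholder path and the payload is cut short, as in the advisory.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2008:10:01:02 +0000] "GET /phpmyadmin/example.php'
    '?db=shop&table=orders&token=abc123 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Dec/2008:10:03:44 +0000] "GET /phpmyadmin/example.php'
    '?db=information_schema&table=TABLES%60+where+0+union+select+char(60,63)'
    ' HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits = inspect_line(entry)
        if hits:
            print("SUSPICIOUS", hits, "|", entry.split('"')[1])
```

Only the query string is inspected, so requests that carry `db` or `table` in a POST body need the same rules applied at the application or WAF layer.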