VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 3, 2006· Updated Jun 16, 2026

CVE-2006-5116

CVE-2006-5116

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • PhpMyAdmin/phpMyAdmin9 versions
    cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev:*:*:*:*:*:*:*
    • (no CPE)range: <2.9.1-rc1

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.