CVE-2008-3456 Information

Description

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

Reference

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/31263 http://secunia.com/advisories/31312 http://secunia.com/advisories/32834 http://www.debian.org/security/2008/dsa-1641 http://www.mandriva.com/security/advisories?name=MDVSA-2008:202 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6 http://www.securityfocus.com/bid/30420 http://www.vupen.com/english/advisories/2008/2226/references http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/44050 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01239.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01316.html