phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross-Site Request
Forgery (CSRF) attacks by using crafted cookies.
Updated: 2015-10-17 03:29:39 UTC (commit 10086)