CVE-2008-1149

Priority
Low
Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross-Site Request
Forgery (CSRF) attacks by using crafted cookies.
References
Bugs
Assigned-to
emgent
Package
Upstream:released (2.11.5)
More Information

Updated: 2016-03-23 03:30:51 UTC (commit 10817)