CVE-2008-1149

Priority
Low
Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross-Site Request
Forgery (CSRF) attacks by using crafted cookies.
References
Bugs
Assigned-to
emgent
Package
Upstream:released (2.11.5)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:32:07 UTC (commit 9756)