CVE-2008-1149

Priority
Low
Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross-Site Request
Forgery (CSRF) attacks by using crafted cookies.
References
Bugs
Assigned-to
emgent
Package
Upstream:released (2.11.5)
Ubuntu 8.04 LTS (Hardy Heron):released (4:2.11.3-1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:18:38 UTC (commit 5347)