phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross-Site Request
Forgery (CSRF) attacks by using crafted cookies.
Updated: 2016-01-26 17:30:33 UTC (commit 10507)