CVE-2008-1149

Published: 04 March 2008

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

Priority

Low

Status

Package Release Status
phpmyadmin
Launchpad, Ubuntu, Debian
Upstream
Released (2.11.5)