CVE-2008-1149
Published: 4 March 2008
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin Launchpad, Ubuntu, Debian |
dapper |
Released
(4:2.8.0.3-1ubuntu0.1)
|
edgy |
Released
(4:2.8.2-0.2ubuntu0.1)
|
|
feisty |
Released
(4:2.9.1.1-2ubuntu1.2)
|
|
gutsy |
Released
(4:2.10.3-1ubuntu0.2)
|
|
upstream |
Released
(2.11.5)
|