Vulnerabilities

CVE-2008-1149

by Fred · 04/03/2008

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

Date published : 2008-03-04

http://www.securityfocus.com/bid/28068

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

Similar

Tags: Cybersecurity Alert