Back to search
CVE-2008-1149
Published: Mar 4, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2008-2189
vendor-advisory
x_refsource_FEDORA
ADV-2008-0731
vdb-entry
x_refsource_VUPEN
SUSE-SR:2009:003
vendor-advisory
x_refsource_SUSE
ADV-2008-0758
vdb-entry
x_refsource_VUPEN
DSA-1557
vendor-advisory
x_refsource_DEBIAN
32834
third-party-advisory
x_refsource_SECUNIA
29964
third-party-advisory
x_refsource_SECUNIA
30816
third-party-advisory
x_refsource_SECUNIA
29287
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-2229
vendor-advisory
x_refsource_FEDORA
28068
vdb-entry
x_refsource_BID
phpmyadmin-request-sql-injection(40968)
vdb-entry
x_refsource_XF
33822
third-party-advisory
x_refsource_SECUNIA
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
x_refsource_CONFIRM
GLSA-200803-15
vendor-advisory
x_refsource_GENTOO
29200
third-party-advisory
x_refsource_SECUNIA
29143
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:026
vendor-advisory
x_refsource_SUSE
MDVSA-2008:131
vendor-advisory
x_refsource_MANDRIVA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now