CVE-2008-1149

2008-03-04T23:44:00
ID CVE-2008-1149
Type cve
Reporter cve@mitre.org
Modified 2017-08-08T01:29:00

Description

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.