CVE-2008-1149

2008-03-0423:44:00

Debian Security Bug Tracker

security-tracker.debian.org

0.002 Low

EPSS

Percentile

61.5%

JSON

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 4:2.11.5-1phpmyadmin_4:2.11.5-1_all.deb
Debian11allphpmyadmin< 4:2.11.5-1phpmyadmin_4:2.11.5-1_all.deb
Debian999allphpmyadmin< 4:2.11.5-1phpmyadmin_4:2.11.5-1_all.deb
Debian13allphpmyadmin< 4:2.11.5-1phpmyadmin_4:2.11.5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 4:2.11.5-1	phpmyadmin_4:2.11.5-1_all.deb
Debian	11	all	phpmyadmin	< 4:2.11.5-1	phpmyadmin_4:2.11.5-1_all.deb
Debian	999	all	phpmyadmin	< 4:2.11.5-1	phpmyadmin_4:2.11.5-1_all.deb
Debian	13	all	phpmyadmin	< 4:2.11.5-1	phpmyadmin_4:2.11.5-1_all.deb

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for DEBIANCVE:CVE-2008-1149