DEBIAN-CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $REQUEST to obtain some parameters instead of $GET and $POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery CSRF attacks by using crafted cookies...