phpMyAdmin prior to 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 2.11.3 |
||
phpmyadmin phpmyadmin 2.11.3.0 |
||
phpmyadmin phpmyadmin 2.11.1 |
||
phpmyadmin phpmyadmin 2.11.1.2 |
||
phpmyadmin phpmyadmin 2.11.1.1 |
||
phpmyadmin phpmyadmin |
||
phpmyadmin phpmyadmin 2.11.4 |
||
phpmyadmin phpmyadmin 2.11.2 |
||
phpmyadmin phpmyadmin 2.11.0.0 |
||
phpmyadmin phpmyadmin 2.11.0 |
||
phpmyadmin phpmyadmin 2.11.2.2 |
||
phpmyadmin phpmyadmin 2.11.1.0 |
||
phpmyadmin phpmyadmin 2.11.2.1 |
||
phpmyadmin phpmyadmin 2.11.2.0 |