Описание
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 4:2.8.0.3-1ubuntu0.1 |
| devel | released | 4:2.11.3-1ubuntu1 |
| edgy | released | 4:2.8.2-0.2ubuntu0.1 |
| feisty | released | 4:2.9.1.1-2ubuntu1.2 |
| gutsy | released | 4:2.10.3-1ubuntu0.2 |
| upstream | released | 2.11.5 |
Показывать по
Ссылки на источники
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
EPSS
5.1 Medium
CVSS2