FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1149

This CVE name corresponds to:

Entered: 2008-03-04
Topic: phpmyadmin -- SQL injection vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-1149
Phase: Assigned (20080304)

Description

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

References

Source Reference
CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
DEBIAN DSA-1557
FEDORA FEDORA-2008-2189
FEDORA FEDORA-2008-2229
GENTOO GLSA-200803-15
MANDRIVA MDVSA-2008:131
SUSE SUSE-SR:2008:026
SUSE SUSE-SR:2009:003
BID 28068
VUPEN ADV-2008-0731
VUPEN ADV-2008-0758
SECUNIA 29200
SECUNIA 29287
SECUNIA 29143
SECUNIA 29964
SECUNIA 30816
SECUNIA 32834
SECUNIA 33822
XF phpmyadmin-request-sql-injection(40968)