CVE-2008-1149

phpMyAdmin <2.11.5 - CSRF & SQL Injection

Description

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

Scores

EPSS 0.0076
EPSS Percentile 73.1%

Classification

CWE
CWE-352 CWE-89
Status draft

Affected Products (18)

phpmyadmin/phpmyadmin < 2.11.4
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
phpmyadmin/phpmyadmin
... and 3 more

Timeline

Published Mar 04, 2008
Tracked Since Feb 18, 2026