Bug 435706 (CVE-2008-1149)
| Summary: | CVE-2008-1149 phpMyAdmin 2.11.5 contains a security fix | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Lubomir Kundrak <lkundrak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | redhat |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-04-24 11:10:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Lubomir Kundrak
2008-03-03 14:20:59 UTC
CVE name was requested. phpMyAdmin-2.11.5-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. phpMyAdmin-2.11.5-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. CVE-2008-1149: phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafed cookies. This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2229 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2189 |