Red Hat Bugzilla – Bug 435706
CVE-2008-1149 phpMyAdmin 2.11.5 contains a security fix
Last modified: 2008-04-24 07:10:59 EDT
SQL injection via maliciously crafted cookie. Application running from the same
domain as phpMyAdmin must create the cookie for phpMyAdmin to pick up to exploit
See upstream advisory for details:
CVE name was requested.
phpMyAdmin-2.11.5-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-2.11.5-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters
instead of $_GET and $_POST, which allows attackers in the same domain
to override certain variables and conduct SQL injection and Cross Site
Request Forgery (CSRF) attacks by using crafed cookies.
This issue was addressed in: