CVE-2008-1149

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 2.11.5

Description The issue allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies, due to phpMyAdmin accessing $ REQUEST to obtain some parameters instead of $ GET and $ POST.

Recommendations For versions prior to 2.11.5, update to version 2.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive parameters and validating user input to minimize the risk of exploitation. Avoid using crafted cookies in the affected domain until the issue is resolved.