Richard Cunningham

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 2.11.5 **Description** The issue allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies, due to phpMyAdmin accessing `$ REQUEST` to obtain some parameters instead of `$ GET` and `$ POST`. **Recommendations** For versions prior to 2.11.5, update to version 2.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive parameters and validating user input to minimize the risk of exploitation. Avoid using crafted cookies in the affected domain until the issue is resolved.