Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.1
CVE Id: CVE-2008-1149
Last Modified: 10 Aug 2011 12:00:00
Published: 04 Mar 2008 06:44:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2008-1149

Summary

phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.

Vulnerable Systems

Application

  • phpMyAdmin 2.11.0
  • phpMyAdmin 2.11.0.0
  • phpMyAdmin 2.11.1
  • phpMyAdmin 2.11.1.0
  • phpMyAdmin 2.11.1.1
  • phpMyAdmin 2.11.1.2
  • phpMyAdmin 2.11.2
  • phpMyAdmin 2.11.2.0
  • phpMyAdmin 2.11.2.1
  • phpMyAdmin 2.11.2.2
  • phpMyAdmin 2.11.3
  • phpMyAdmin 2.11.3.0
  • phpMyAdmin 2.11.4


References

BID - 28068

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

DEBIAN - DSA-1557

FEDORA - FEDORA-2008-2229

FEDORA - FEDORA-2008-2189

XF - phpmyadmin-request-sql-injection(40968)

VUPEN - ADV-2008-0758

VUPEN - ADV-2008-0731

MANDRIVA - MDVSA-2008:131

GENTOO - GLSA-200803-15

SECUNIA - 33822

SECUNIA - 32834

SECUNIA - 30816

SECUNIA - 29964

SECUNIA - 29287

SECUNIA - 29200

SECUNIA - 29143

SUSE - SUSE-SR:2009:003

SUSE - SUSE-SR:2008:026


Last Updated: 27 May 2016 10:47:02