Computer Security

CVE-2008-1149
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2008-1149
StatusCandidate
DescriptionphpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross Site Request Forgery (CSRF) attacks by using crafed cookies.
PhaseAssigned (04.03.2008)
SecurityVulns:Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
ReferencesBID : 28068
 CONFIRM : http://www.phpmyadmin.net/home_page/security.php?i...
 FEDORA : FEDORA-2008-2189
 FEDORA : FEDORA-2008-2229
 FRSIRT : ADV-2008-0731
 FRSIRT : ADV-2008-0758
 GENTOO : GLSA-200803-15
 SECUNIA : 29200
 SECUNIA : 29287
 XF : phpmyadmin-request-sql-injection(40968)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru