CVE-2008-1149 — SQL Injection in Phpmyadmin
Severity
5.1MEDIUMNVD
EPSS
0.9%
top 24.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 4
Latest updateMay 1
Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVSS vector
AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4