Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Remediation
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2006-7197)
WordPress Plugin Content Copy Protection & Prevent Image Save Cross-Site Request Forgery (1.3)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)
Internet Information Services Other Vulnerability (CVE-1999-1537)