Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
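The override described above can be reproduced in isolation. The following is an added example, not phpMyAdmin code: it rebuilds the merged view PHP exposes as `$_REQUEST`, assuming a merge order of "GPC" (cookies merged last), and contrasts it with reading the parameter from its expected source only. The helper names `build_request`, `param_from` and `shadowed_by_cookie`, and all sample values, are constructed for illustration.

```php
<?php
// Added illustration, not phpMyAdmin code. Helper names and values are constructed.

/**
 * Rebuild the merged array PHP exposes as $_REQUEST for a given
 * order string made of G, P and C. Later letters overwrite earlier ones.
 */
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys and lets the later source win.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

/** Read a parameter only from the channel it is expected on, never from cookies. */
function param_from(array $source, string $name, ?string $default = null): ?string
{
    // Reject array-valued input so callers always receive a plain string.
    return isset($source[$name]) && is_string($source[$name]) ? $source[$name] : $default;
}

/** Names that a cookie would shadow in the merged view (useful for logging). */
function shadowed_by_cookie(array $get, array $post, array $cookie): array
{
    return array_keys(array_intersect_key($cookie, $get + $post));
}

// Constructed sample request: the form sent table=orders, while a cookie of
// the same name was set by another application on the same domain.
$get    = ['table' => 'orders'];
$post   = [];
$cookie = ['table' => 'value-from-cookie'];

$request = build_request('GPC', $get, $post, $cookie);

echo 'merged ($_REQUEST-style) : ', $request['table'], PHP_EOL;
echo 'explicit GET lookup      : ', param_from($get, 'table'), PHP_EOL;
echo 'shadowed by cookie       : ', implode(', ', shadowed_by_cookie($get, $post, $cookie)), PHP_EOL;
```

With the order changed to "GP", the cookie no longer reaches the merged array; reading from `$_GET` or `$_POST` explicitly gives the same guarantee regardless of server configuration.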
Remediation
References