Description
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Remediation
References
Related Vulnerabilities
Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259)
Serendipity Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1916)
WordPress 3.7.x Prototype Pollution (3.7 - 3.7.37)
WordPress Plugin wp-picasa-image Cross-Site Scripting (1.0)
WordPress Plugin Permalink Manager Lite Cross-Site Request Forgery (2.2.19.2)