
phpmyadmin: sql injection

Package(s): phpmyadmin
CVE #(s): CVE-2008-1149
Created: March 10, 2008
Updated: February 2, 2009
Description:

From the Gentoo advisory:

Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable of $_GET and $_POST as a source for its parameters.

An attacker could entice a user to visit a malicious web application that sets an "sql_query" cookie and is hosted on the same domain as phpMyAdmin, and thereby conduct SQL injection attacks with the privileges of the user authenticating in phpMyAdmin afterwards.
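
The parameter-source confusion the advisory describes, as an added PHP example that is neither phpMyAdmin's code nor part of the advisory. `build_request()` and `param_from_get_post()` are hypothetical helpers, the request values are constructed, and the "GPC" merge order is an assumption standing in for a PHP configuration that includes cookies in `$_REQUEST`.

```php
<?php
// Added illustration; not phpMyAdmin code. All function names are hypothetical.

/**
 * Mimic how PHP fills $_REQUEST: the sources are merged in the given order
 * (G = GET, P = POST, C = COOKIE) and a later source overwrites an earlier one.
 */
function build_request(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // Array union keeps the left operand's keys, so the later source wins.
            $merged = $sources[$letter] + $merged;
        }
    }
    return $merged;
}

/** Hardened read: accept a parameter only from POST or GET, never from a cookie. */
function param_from_get_post(string $name, array $get, array $post): ?string
{
    foreach ([$post, $get] as $source) {
        if (isset($source[$name]) && is_string($source[$name])) {
            return $source[$name];
        }
    }
    return null;
}

// Constructed request: the user's own request carries no sql_query parameter,
// but the browser attaches a cookie of that name set elsewhere on the same domain.
$get    = ['db' => 'example_db'];
$post   = [];
$cookie = ['sql_query' => '<value chosen by the other application>'];

// Merged view: the cookie is indistinguishable from a request parameter.
$request = build_request($get, $post, $cookie);
var_dump(array_key_exists('sql_query', $request));

// Explicit sources: the cookie never reaches the application logic.
var_dump(param_from_get_post('sql_query', $get, $post));

// Merging without the cookie source also keeps the name out of the merged view.
var_dump(array_key_exists('sql_query', build_request($get, $post, $cookie, 'GP')));
```

On PHP 5.3 and later, the `request_order` ini setting controls which sources populate `$_REQUEST`; a value of `GP` excludes cookies.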

Alerts:
SuSE SUSE-SR:2008:026 libxml2, phpMyAdmin, lighttpd, OpenOffice_org, imp, clamav, acroread, htop, cups 2008-11-24
SuSE SUSE-SR:2009:003 boinc-client, xrdp, phpMyAdmin, libnasl, moodle, net-snmp, audiofile, xterm, amarok, libpng, sudo, avahi 2009-02-02
Mandriva MDVSA-2008:131 phpMyAdmin 2008-07-04
Debian DSA-1557-1 phpmyadmin 2008-04-24
Gentoo 200803-15 phpmyadmin 2008-03-09


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds