Details
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.Novell Bugzilla entry: 369063,410768 SUSE Security Advisories:
- SUSE-SR:2008:026, published Mon, 24 Nov 2008 16:00:00 +0000
- SUSE-SR:2008:026 , published Mon, 24 Nov 2008 16:00:00 +0000
- SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
- SUSE-SR:2009:003 , published Mon, 02 Feb 2009 16:30:00 +0000
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE 10.2 |
| |
| openSUSE 10.3 |
| |
| openSUSE 10.3 openSUSE 11.0 |
| ZYPP Patch Nr: 5935 SAT Patch Nr: 442 |