CVE-2008-1149
Published Mar 4, 2008
Last updated 7 years ago
Overview
- Description
- phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.1
- Impact score
- 6.4
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B22BF32-DC77-4EB1-9DD8-0B2189039F0C",
"versionEndIncluding": "2.11.4"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A98FF47C-8BA8-40E1-98F5-743CAD5DC52A"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "346DF9C7-40BE-44FD-BB5A-23F60616E97F"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B00F4D78-34C3-4934-8AFA-B7283388B246"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "962B49A9-380D-4B19-929B-50793EF621C1"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B9F52BC-AC6A-41BB-8276-6176FA068929"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDA3305E-CBC2-4469-923F-29EDA0402CB1"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BC82C85-C9CF-424D-A07A-E841F7AC1904"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0549FC5-B8E8-455D-867B-BAF321DE7004"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01DA6D40-2D3A-4490-B4E6-1367C585ED9A"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E351CA2-71DB-4025-8477-24DFE5349195"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34AB221E-3DFA-43E4-9DBA-5565F81C0120"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCB774D1-8B5D-4118-8A5B-D7D14D7DE162"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C10F7C9-FAAA-4D05-8CB2-F5CB397F8410"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54669C6E-C13B-4602-9CC1-53B24CB897FF"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40CE5E7C-A965-492F-AE85-535C3E5F1B17"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F8AAB78-8460-43BB-9326-0395F7496EC8"
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52F3DA64-2099-4A4F-9F38-F28255F47BD1"
}
],
"operator": "OR"
}
]
}
]