CVE-2008-1149

Published Mar 4, 2008

Last updated 8 years ago

CVSS info 5.1

Overview

Description: phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B22BF32-DC77-4EB1-9DD8-0B2189039F0C",
            "versionEndIncluding": "2.11.4"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A98FF47C-8BA8-40E1-98F5-743CAD5DC52A"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "346DF9C7-40BE-44FD-BB5A-23F60616E97F"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B00F4D78-34C3-4934-8AFA-B7283388B246"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "962B49A9-380D-4B19-929B-50793EF621C1"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9F52BC-AC6A-41BB-8276-6176FA068929"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDA3305E-CBC2-4469-923F-29EDA0402CB1"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BC82C85-C9CF-424D-A07A-E841F7AC1904"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0549FC5-B8E8-455D-867B-BAF321DE7004"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01DA6D40-2D3A-4490-B4E6-1367C585ED9A"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E351CA2-71DB-4025-8477-24DFE5349195"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34AB221E-3DFA-43E4-9DBA-5565F81C0120"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCB774D1-8B5D-4118-8A5B-D7D14D7DE162"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C10F7C9-FAAA-4D05-8CB2-F5CB397F8410"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54669C6E-C13B-4602-9CC1-53B24CB897FF"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40CE5E7C-A965-492F-AE85-535C3E5F1B17"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F8AAB78-8460-43BB-9326-0395F7496EC8"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F3DA64-2099-4A4F-9F38-F28255F47BD1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References