phpmyadmin
Page content
- Author: vmiklos
- Vulnerable: 2.11.2.2-1sayshell1
- Unaffected: 2.11.5-1sayshell1
A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to the application obtaining parameters via the “$_REQUEST” variable, and using them without proper sanitation in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code via a malicious cookie. Successful exploitation requires that a phpMyAdmin user is tricked into visiting a malicious website.
- Bug Tracker URL: http://bugs.frugalware.org/task/2835
CVEs:
- There is no CVE entry for this issue.