phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation38 reference(s) from NVD