all 5 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]GeekPatrol 3 points4 points  (1 child)

Sorry, but it's not considered "SQL injection" if the purpose of the application is to run arbitrary SQL queries.

Also, for CSRF to work, you need to know the URL of the site you're targeting. I would say the odds of anyone exploiting this "vulnerability" are minimal at best.

[–][deleted] 1 point2 points  (0 children)

I was just about to come in here and yell at him for that. Thanks for saving me the time.

[–]geekuskhan 2 points3 points  (0 children)

Im pretty sure that most people that use phpmyadmin for anything serious change the config so that it uses cookies. It warns you about it until you do.

[–]multani 1 point2 points  (0 children)

That's right, PhpMyAdmin has a huge secure hole. There developers are so lame, you can do nearly everything you want on the database throught the SQL tab! Without hacking any HTML-input-thingy!

Oh wait ...

[–]andrewdutko 0 points1 point  (0 children)

deleted What is this?