Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:163: phpmyadmin

Recommended Posts

Multiple vulnerabilities has been found and corrected in phpmyadmin:

 

The setup script used to generate configuration can be fooled using

a crafted POST request to include arbitrary PHP code in generated

configuration file. Combined with the ability to save files on the

server, this can allow unauthenticated users to execute arbitrary

PHP code (CVE-2010-3055).

 

It was possible to conduct a XSS attack using crafted URLs or POST

parameters on several pages (CVE-2010-3056).

 

This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable

for these security issues.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...