paul Posted August 30, 2010 Report Share Posted August 30, 2010 Multiple vulnerabilities has been found and corrected in phpmyadmin: The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code (CVE-2010-3055). It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages (CVE-2010-3056). This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues. Link to comment Share on other sites More sharing options...
Recommended Posts