Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2011:000: phpmyadmin

Recommended Posts

Multiple vulnerabilities has been found and corrected in phpmyadmin:

 

error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers

to conduct cross-site scripting (XSS) attacks via a crafted BBcode

tag containing @ characters, as demonstrated using [a@url@page]

(CVE-2010-4480).

 

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass

authentication and obtain sensitive information via a direct request

to phpinfo.php, which calls the phpinfo function (CVE-2010-4481).

 

This upgrade provides the latest phpmyadmin version for MES5 (3.3.9)

and patches the version for CS4 to address these vulnerabilities.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...