paul Posted January 5, 2011 Report Share Posted January 5, 2011 Multiple vulnerabilities has been found and corrected in phpmyadmin: error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing @ characters, as demonstrated using [a@url@page] (CVE-2010-4480). phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function (CVE-2010-4481). This upgrade provides the latest phpmyadmin version for MES5 (3.3.9) and patches the version for CS4 to address these vulnerabilities. Link to comment Share on other sites More sharing options...
Recommended Posts