Jump to content

Advisories MDVSA-2011:000: phpmyadmin


paul
 Share

Recommended Posts

Multiple vulnerabilities has been found and corrected in phpmyadmin:

 

error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers

to conduct cross-site scripting (XSS) attacks via a crafted BBcode

tag containing @ characters, as demonstrated using [a@url@page]

(CVE-2010-4480).

 

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass

authentication and obtain sensitive information via a direct request

to phpinfo.php, which calls the phpinfo function (CVE-2010-4481).

 

This upgrade provides the latest phpmyadmin version for MES5 (3.3.9)

and patches the version for CS4 to address these vulnerabilities.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...