October 24, 2009

Debian Security Advisory 1918 phpmyadmin - several vulnerabilities

Article Source Debian Security Advisories
October 24, 2009, 5:00 pm

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-3696

    Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name.

  • CVE-2009-3697

    SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. This issue does not apply to the version in Debian 4.0 Etch...

Click Here!