DSA-2034 phpmyadmin -- several vulnerabilitiesID: oval:org.mitre.oval:def:7290 | Date: (C)2010-05-24 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions. phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation. The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery.