An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user"s valid phpMyAdmin token. All 4.0.x versions are affected.