DSA-1641 phpmyadmin -- several vulnerabilitiesID: oval:org.mitre.oval:def:8155 | Date: (C)2009-12-15 (M)2021-09-12 |
Class: PATCH | Family: unix |
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Remote authenticated users could execute arbitrary code on the host running phpMyAdmin through manipulation of a script parameter. Cross site scripting through the setup script was possible in rare circumstances. Protection has been added against remote websites loading phpMyAdmin into a frameset. Cross site request forgery allowed remote attackers to create a new database, but not perform any other action on it.