DSA-1675 phpmyadmin -- insufficient input sanitisingID: oval:org.mitre.oval:def:8223 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. This update also fixes a regression introduced in DSA 1641, that broke changing of the language and encoding in the login screen.