Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable for these security issues.
↧