Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin) Network Vulnerability

Summary

The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:026-1.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026-1

Insight

Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote attackers to inject arbitrary web script or HTML by using db script parameter when register_global php parameter is enabled (CVE-2008-4775). Cross-site request forgery (CSRF) vulnerability in tbl_structure.php allows remote attackers perform SQL injection and execute arbitrary code by using table script parameter (CVE-2008-5621). Multiple cross-site request forgery (CSRF) vulnerabilities in allows remote attackers perform SQL injection by using unknown vectors related to table script parameter (CVE-2008-5622). This update provide the fix for these security issues. Update: The previous update packages wasn't signed, this time they are. Affected: Corporate 4.0

Severity

Classification

CVE CVE-2008-4775, CVE-2008-5621
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities