phpMyAdmin security announcement PMASA-2006-3
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3
Source Mage GNU/Linux Bug 11899
http://bugs.sourcemage.org/show_bug.cgi?id=11899
Summary:
XSRF vulnerabilities
Description:
It was possible to inject arbitrary SQL commands by forcing an
authenticated user to follow a crafted link.
Severity:
Such an issue is quite common in many PHP applications and users should
take care what links they follow. We consider these vulnerabilities to
be quite dangerous.
Affected versions:
Some versions previous to 2.8.1 suffer from this vulnerability.
Solution:
Upgrade to phpMyAdmin 2.8.1.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804
For further information and in case of questions, please contact the
phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
-----
phpmyadmin should be updated to version 2.8.1:
# scribe update
# cast -c phpmyadmin
or
# scribe update
# sorcery queue-security
# cast --queue
--
Ladislav Hagara