Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5589 phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged in user's session (cross site scripting). CVE-2007-5386 phpMyAdmin, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. For the old stable distribution (sarge) this problem has been fixed in version 4:2.6.2-3sarge6. For the stable distribution (etch) this problem has been fixed in version 4:2.9.1.1-6. For the unstable distribution (sid) this problem has been fixed in version 4:2.11.1.2-1. We recommend that you upgrade your phpmyadmin package.
Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems:
phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged in user's session (cross site scripting).
phpMyAdmin, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
For the old stable distribution (sarge) this problem has been fixed in version 4:2.6.2-3sarge6.
For the stable distribution (etch) this problem has been fixed in version 4:2.9.1.1-6.
For the unstable distribution (sid) this problem has been fixed in version 4:2.11.1.2-1.
We recommend that you upgrade your phpmyadmin package.
MD5 checksums of the listed files are available in the original advisory.