Debian Security Advisory 1918 phpmyadmin – several vulnerabilities

Article Source: Debian Security Advisories
October 24, 2009, 5:00 pm

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-3696

    Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name.

  • CVE-2009-3697

    SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. This issue does not apply to the version in Debian 4.0 Etch…