DSA-2391-1 phpmyadmin -- severalID: oval:org.secpod.oval:def:600709 | Date: (C)2012-01-30 (M)2024-02-15 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references. CVE-2011-1940, CVE-2011-3181 Cross site scripting was possible in the table tracking feature, allowing a remote attacker to inject arbitrary web script or HTML. The oldstable distribution is not affected by these problems.