PMASA-2009-5
Announcement-ID: PMASA-2009-5
Date: 2009-06-30
Summary
XSS vulnerability
Description
It was possible to conduct an XSS attack via a crafted SQL bookmark.
Severity
We consider this vulnerability to be serious.
Affected Versions
For 2.11.x: versions are not affected.
For 3.x: All 3.x releases on which the "bookmarks" feature is active are affected.
Solution
Upgrade to phpMyAdmin 3.2.0.1.
References
We wish to thank Sven Vetsch/Disenchant for informing us in a responsible manner. His site is http://disenchant.ch.
Assigned CVE IDs: CVE-2009-2284
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.