PMASA-2010-1
Announcement-ID: PMASA-2010-1
Date: 2010-01-15
Summary
Unsafe handling of temporary directory
Description
phpMyAdmin used to automatically create temporary world writable directory what could lead to possible misuse of it.
Severity
We consider these vulnerabilities to be not critical.
Affected Versions
For 2.11.x: versions before 2.11.10 are affected.
Unaffected Versions
3.x releases are not affected.
Solution
Upgrade to phpMyAdmin 3.0.0 or 2.11.10.
References
We wish to thank to Thijs Kinkhorst for pointing out this issue.
Assigned CVE IDs: CVE-2008-7251
Patches
The following commits have been made to fix this issue:
The following commits have been made on the 2.11 branch to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.