New versions of phpMyAdmin close security holes
A security update has been released for the phpMyAdmin database administration tool. The new versions are 2.11.9.6 and 3.2.2.1. According to the developers' advisory, the previous versions contain two programming flaws that can potentially be exploited for cross-site scripting (XSS) attacks and the injection of arbitrary SQL commands.
The XSS vulnerability allows attackers to embed arbitrary JavaScript code into a victim's phpMyAdmin pages via specially crafted table names when the victim clicks a manipulated link. The SQL injection vulnerability is caused by a flaw in the processing of PDF export parameters that can usually only be triggered by authenticated users. The developers consider the vulnerabilities a threat and advise users to update.
(djwm)