Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows variables to be overwritten. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally, several cross-site scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.
There is no known workaround; please install the update packages.
OS | Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.0 | noarch | phpmyadmin | < 2.7.0pl2-3 | phpMyAdmin-2.7.0pl2-3.noarch.rpm |
openSUSE | 9.1 | noarch | phpmyadmin | < 2.7.0pl2-1.2 | phpMyAdmin-2.7.0pl2-1.2.noarch.rpm |
openSUSE | 9.2 | noarch | phpmyadmin | < 2.7.0pl2-1.2 | phpMyAdmin-2.7.0pl2-1.2.noarch.rpm |
openSUSE | 10.0 | noarch | phpmyadmin | < 2.7.0pl2-1.2 | phpMyAdmin-2.7.0pl2-1.2.noarch.rpm |
openSUSE | 9.3 | noarch | phpmyadmin | < 2.7.0pl2-1.2 | phpMyAdmin-2.7.0pl2-1.2.noarch.rpm |
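
To check a host against the table above, the installed version-release string can be compared with the fixed one using RPM's segment-wise ordering. The following is an added example, not part of the original advisory: the function names are hypothetical, and the comparison is a simplified reimplementation of RPM's version ordering that assumes ASCII input and ignores epochs and the `~`/`^` modifiers.

```python
import re

# Fixed version-release per openSUSE release, copied from the advisory table.
FIXED = {
    "9.0": "2.7.0pl2-3",
    "9.1": "2.7.0pl2-1.2",
    "9.2": "2.7.0pl2-1.2",
    "9.3": "2.7.0pl2-1.2",
    "10.0": "2.7.0pl2-1.2",
}

def _segments(s):
    # RPM compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 if a is older than, equal to, or newer than b."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_vulnerable(os_release, installed):
    """installed is 'VERSION-RELEASE', e.g. the output of
    rpm -q --qf '%{VERSION}-%{RELEASE}' <package>."""
    inst_ver, _, inst_rel = installed.partition("-")
    fix_ver, _, fix_rel = FIXED[os_release].partition("-")
    # Version decides first; release only breaks a tie.
    return (rpmvercmp(inst_ver, fix_ver) or rpmvercmp(inst_rel, fix_rel)) < 0

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for rel, inst in [("9.0", "2.6.4pl4-2"), ("9.0", "2.7.0pl2-1.2"),
                      ("10.0", "2.7.0pl2-1.2")]:
        state = "VULNERABLE" if is_vulnerable(rel, inst) else "ok"
        print(f"openSUSE {rel}: phpMyAdmin {inst} -> {state}")
```

Note that `2.7.0pl2-1.2` is fixed on 9.1 through 10.0 but still counts as affected on 9.0, where the table lists release `3` as the fixed build.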