Package : phpMyAdmin Date : January 19, 2010 Affected: Corporate 4.0 _______________________________________________________________________
Multiple vulnerabilities has been found and corrected in phpMyAdmin:
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors (CVE-2008-7251).
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors (CVE-2008-7252).
scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors (CVE-2009-4605).
This update provides phpMyAdmin 2.11.10, which is not vulnerable to these issues. _______________________________________________________________________