Debian Security Advisory
DSA-2167-1 phpmyadmin -- SQL injection
- Date Reported:
- 16 Feb 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-0987.
- More information:
It was discovered that phpMyAdmin, a tool to administer MySQL over the web, when the bookmarks feature is enabled, allowed to create a bookmarked query which would be executed unintentionally by other users.
For the oldstable distribution (lenny), this problem has been fixed in version 4:220.127.116.11-5+lenny8.
For the stable distribution (squeeze), this problem has been fixed in version 4:3.3.7-5.
For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 4:18.104.22.168-1.
We recommend that you upgrade your phpmyadmin packages.