phpmyadmin: Multiple Vulnerabilities

Users of phpmyadmin please be advised of a Multiple Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:163: MDVSA-2010:163 – phpmyadmin – Multiple Vulnerabilities
Problem Description:

Multiple vulnerabilities has been found and corrected in phpmyadmin:

The setup script used to generate configuration can be fooled using

a crafted POST request to include arbitrary PHP code in generated

configuration file. Combined with the ability to save files on the

server, this can allow unauthenticated users to execute arbitrary

PHP code (CVE-2010-3055).

It was possible to conduct a XSS attack using crafted URLs or POST

parameters on several pages (CVE-2010-3056).

This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable

for these security issues.
Read more at http://www.criticalwatch.com