PT-2009-3711 · Phpmyadmin · Phpmyadmin

Luisyana +2 · Published 2009-03-26 · Updated 2009-07-15 · CVE-2009-1150

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phpMyAdmin versions 2.11.x through 2.11.9.4
phpMyAdmin versions 3.x through 3.1.3.0

Description

The issue allows remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie in the export page, specifically in the display_export.lib.php file. This is a cross-site scripting (XSS) vulnerability.

Recommendations

For phpMyAdmin versions 2.11.x through 2.11.9.4, update to version 2.11.9.5 or later. For phpMyAdmin versions 3.x through 3.1.3.0, update to version 3.1.3.1 or later. As a temporary workaround, consider restricting access to the export page or disabling the use of the pma_db_filename_template cookie until a patch is available.
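
To triage an inventory against the ranges above, the following added example (not part of the original advisory or of phpMyAdmin) classifies a version string as affected, fixed, or not listed. The function names, the handling of pre-release suffixes, and the sample inventory are assumptions made for illustration.

```python
import re

# Ranges and fixed releases as listed on this page for CVE-2009-1150.
# Each entry: (branch prefix, first fixed release)
BRANCHES = [
    ((2, 11), (2, 11, 9, 5)),   # 2.11.x through 2.11.9.4
    ((3,),    (3, 1, 3, 1)),    # 3.x through 3.1.3.0
]

# Up to four numeric components, optionally followed by a suffix such as "-rc1".
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){0,3})([-_+~]?[A-Za-z][\w.-]*)?\s*$")


def parse_version(text):
    """Return (numeric 4-tuple, is_prerelease) or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (4 - len(parts))          # "3.1.3" compares as "3.1.3.0"
    return parts, m.group(2) is not None


def assess(version_text):
    """Classify an installed version against the page's affected ranges."""
    version, prerelease = parse_version(version_text)
    for prefix, fixed in BRANCHES:
        if version[:len(prefix)] != prefix:
            continue
        # Assumption: a pre-release of the fixed version (e.g. "-rc1") precedes the fix.
        affected = version < fixed or (version == fixed and prerelease)
        return {
            "version": version_text.strip(),
            "status": "affected" if affected else "fixed",
            "upgrade_to": ".".join(map(str, fixed)) if affected else None,
        }
    # Branches other than 2.11.x and 3.x are not covered by this advisory.
    return {"version": version_text.strip(), "status": "not listed", "upgrade_to": None}


if __name__ == "__main__":
    # Constructed inventory of version strings, not taken from the page.
    for v in ["2.11.9.4", "2.11.9.5", "3.1.3", "3.1.3.1", "3.1.3.1-rc1", "2.10.3"]:
        print(assess(v))
```

A "not listed" result means only that this advisory does not name the branch, not that the version is known to be safe.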

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2009-1150
DSA-1824-1

Affected Products

Phpmyadmin