CVE-2011-3591

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 3.4.x through 3.4.4

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations. This is related to the js/functions.js and js/tbl structure.js files.

Recommendations For phpMyAdmin versions 3.4.x through 3.4.4, update to version 3.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the js/functions.js and js/tbl structure.js files to minimize the risk of exploitation. Avoid using inline-editing and save operations until the issue is resolved.