Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4775 to the following vulnerability: Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977. References: http://www.securityfocus.com/archive/1/archive/1/497815/100/0/threaded http://www.securityfocus.com/bid/31928 http://secunia.com/advisories/32449
613 (phpMyAdmin): Build on target fedora-4-epel succeeded. 612 (phpMyAdmin): Build on target fedora-5-epel succeeded. phpMyAdmin-3.0.1.1-1.fc10 Tag: dist-f10-updates-candidate Status: complete phpMyAdmin-3.0.1.1-1.fc9 Tag: dist-f9-updates-candidate Status: complete phpMyAdmin-3.0.1.1-1.fc8 Tag: dist-f8-updates-candidate Status: complete
phpMyAdmin-3.0.1.1-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/phpMyAdmin-3.0.1.1-1.fc9
phpMyAdmin-3.0.1.1-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/phpMyAdmin-3.0.1.1-1.fc8
phpMyAdmin-3.0.1.1-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.0.1.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9336 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9316