Nth Dimension Security Advisory (NDSA20071119)

Date: 19th November 2007
Author: Tim Brown
URL: /
Product: phpMyAdmin 2.11.2.1
Vendor: phpMyAdmin
Risk: Medium

Summary

The phpMyAdmin login page is vulnerable to JavaScript injection within the request URL.

Technical Details

The value of the URL requested is used within the web pages returned by the phpMyAdmin login page, in its unsanitised form:

$ grep -n convcharset libraries/auth/cookie.auth.lib.php
48: * @uses $GLOBALS['convcharset']
236:

Potential intruders could use this to execute malicious code on visitors' computers.

Solutions

Following vendor notification on the 15th November 2007, the vendor promptly responded with a patch which fixed the issue. Nth Dimension would recommend upgrading to 2.11.2.2 as soon as possible.

Nth Dimension would like to thank the phpMyAdmin team for the way they worked to resolve the issue.
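The pattern behind the finding, shown as an added example that is not phpMyAdmin's own code: a request-derived value (here the convcharset value the grep output points at) is written into the returned login page once unsanitised and once escaped for its HTML context. It assumes the value lands in a hidden form field; the actual markup in cookie.auth.lib.php is not reproduced on this page, and the helper names are hypothetical.

```php
<?php
// Added example, not code from phpMyAdmin. Assumption: the login page emits
// the request-derived $GLOBALS['convcharset'] value inside a hidden <input>.

// Vulnerable pattern: the value from the request URL is interpolated into the
// HTML as-is, so quotes or markup in the URL become part of the returned page.
function render_convcharset_field_unsafe(string $convcharset): string
{
    return '<input type="hidden" name="convcharset" value="' . $convcharset . '" />';
}

// Hardened pattern: escape for the HTML attribute context before output.
// ENT_QUOTES encodes both ' and " so the value cannot terminate the attribute.
function render_convcharset_field(string $convcharset): string
{
    $safe = htmlspecialchars($convcharset, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="convcharset" value="' . $safe . '" />';
}

// Defence in depth: a charset name only ever needs letters, digits, '-' and '_',
// so reject anything else before it reaches the page at all.
function is_valid_charset_name(string $convcharset): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_-]+$/', $convcharset);
}

// Constructed sample standing in for ?convcharset=... taken from the request URL.
$fromRequest = 'utf-8" x="y';

if (!is_valid_charset_name($fromRequest)) {
    echo "rejected: not a charset name\n";
}
// Compare the two renderings: the unsafe one lets the quote close the attribute,
// the hardened one keeps the whole value inside it.
echo render_convcharset_field_unsafe($fromRequest), "\n";
echo render_convcharset_field($fromRequest), "\n";
```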