It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite dangerous.
Some versions previous to 2.8.1 suffer from this vulnerability.
Upgrade to phpMyAdmin 2.8.1.
Assigned CVE ids: CVE-2006-1804
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.