We received a security advisory from Laurent Gaffié and we wish to thank him for his work. It was possible to produce XSS via the table and database comment fields and through the position parameter.
We consider this vulnerability to be serious.
Probably all versions up to 2.9.1.
Upgrade to phpMyAdmin 18.104.22.168 or newer.
Assigned CVE ids: CVE-2006-6942
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.