=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN143
_____________________________________________________________________

DATE                      : 21/02/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running phpMyAdmin for Moodle versions
                              prior to 2.11.11.3, 3.3.9.2.

======================================================================
http://moodle.org/mod/forum/discuss.php?d=169336
______________________________________________________________________

MSA-11-0001: Customised phpMyAdmin upgraded to 2.11.11.3 and 3.3.9.2
by Petr Skoda (skodak) - Monday, February 21, 2011, 05:01 PM

Topic:	Customised phpMyAdmin upgraded to 2.11.11.3 and 3.3.9.2

Severity:	Major

Versions affected:	all

Reported by:	upstream PMASA-2011-2

Issue no.:	MDL-26372

Solution:
	Install latest package from
http://moodle.org/mod/data/view.php?d=13&rid=448 or cvs

Workaround:
	delete admin/mysql/* in 1.9.x or local/phpmyadmin/* in 2.x


Description:
http://www.phpmyadmin.net/home_page/security/

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================