Two weaknesses have been reported in phpMyAdmin, which can be exploited by malicious people to disclose system information and conduct spoofing attacks.

1) Input passed via the "type" and "error" parameters to error.php is not properly verified before being used. This can be exploited to render limited HTML content in a user's browser session in context of an affected site and e.g. conduct spoofing attacks.

This weakness is confirmed in version 3.3.8.1.

2) The "phpinfo.php" script is stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. PHP configuration details) by requesting the file directly.

Successful exploitation of this weakness requires that phpMyAdmin has been configured to show the output of "phpinfo()".

Solution
Fixed in the git repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Emanuele "emgent" Gentili, Marco "white_sheep" Rondini, and Alessandro "scox" Scoscia
2) The vendor credits Jörg Sommer

Changelog
Further details available to Secunia VIM customers

Original Advisory
PMASA-2010-9:
http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=aa6fec0532a9dd48d4e35831c1b1c9785c124dd7

PMASA-2010-10:
http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=4d9fd005671b05c4d74615d5939ed45e4d019e4c

Deep Links
Links available to Secunia VIM customers