| Topic: | customised PhpMyAdmin upgraded to 2.11.7.1 |
| Severity: | Major |
| Versions affected: | all |
| Reported by: | upstream |
| Issue no.: | MDL-15665 |
| Solution: | Install latest package from http://moodle.org/mod/data/view.php?d=13&rid=448 |
Description:
A bug that allows XSRF/CSRF by manipulating the db, convcharset and collation_connection parameters was discovered in PhpMyAdmin and fixed there (thanks to YGN Ethical Hacker Group. Details not disclosed yet). Our local optional add-on based on phpmyadmin has now also been updated with this fix.