libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.
https://exchange.xforce.ibmcloud.com/vulnerabilities/68769
https://bugzilla.redhat.com/show_bug.cgi?id=725384
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
http://www.securityfocus.com/bid/48874
http://www.securityfocus.com/archive/1/519155/100/0/threaded
http://www.securityfocus.com/archive/1/518967/100/0/threaded
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.debian.org/security/2011/dsa-2286
http://securityreason.com/securityalert/8322
http://secunia.com/advisories/45515
http://secunia.com/advisories/45365
http://secunia.com/advisories/45315
http://seclists.org/fulldisclosure/2011/Jul/300
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html