Synopsis
The remote web server contains a PHP application that may allow execution of arbitrary code.
Description
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to several variables before using them to generate a config file for the application. Using specially crafted POST requests, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary PHP code.
Solution
Upgrade to phpMyAdmin version 3.1.3.1 or later. If 3.x cannot be obtained, version 2.11.9.5 has also been patched for this vulnerability.