A new version of phpMyAdmin has been released to plug two security holes that could lead to cross-site scripting attacks. One of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted table name. The second issue is a vulnerability that allows remote attackers to inject SQL via various interface parameters of the PDF Scheming tool. The most-rewarded flaw is XSS, which is among those that are relatively cheap for attackers to identify. The group urged all users to upgrade to PHP 3.2.1 or 2.11.6 immediately.
Source: https://threatpost.com/phpmyadmin-plugs-sql-injection-xss-flaws-101609/72336/