Mandriva Linux Security Advisory 2010-018 – libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. This update provides phpMyAdmin 2.11.10, which is not vulnerable to these issues.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85414/MDVSA-2010-018.txt
Source: https://packetstormsecurity.com/files/85414/Mandriva-Linux-Security-Advisory-2010-018.html