phpMyAdmin Multiple Vulnerabilities

Last Update Date: 30 Jul 2013 12:39
Release Date: 30 Jul 2013

RISK: Medium Risk

TYPE: Servers - Database Servers

Multiple vulnerabilities have been identified in phpMyAdmin, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

  1. Input passed via the "User", "Host", "db", and "Command" parameters related to the Status Monitor view is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed.
  2. Input passed via a link to an object is not properly sanitised before being used to display the contents of a table. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed. Successful exploitation requires that the link transformation plugin is used. This vulnerability is reported in versions 4.0.x prior to 4.0.4.2.
  3. Input passed via the "scale" POST parameter to pmd_pdf.php and via the "pdf_page_number" POST parameter to schema_export.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code with the privileges of the control user.

Vulnerabilities #1 and #3 are reported in versions 3.5.x prior to 3.5.8.2 and 4.0.x prior to 4.0.4.2.
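The two bug classes above (request parameters reflected into HTML, and numeric POST parameters concatenated into a SQL query) are illustrated below with a weak pattern next to its hardened form. This is an added example, not phpMyAdmin's code or its actual fix; the function names, the table `pma__pdf_pages` and the column `page_nr` are assumptions for illustration.

```php
<?php
// Added illustration (not phpMyAdmin's own code). Function, table and column
// names are hypothetical; only the parameter names come from the advisory.

// --- Bug class 1/2: reflecting request parameters into HTML -----------------
// Weak: Status Monitor-style parameters are echoed straight into the page, so
// any HTML or script they contain runs in the viewer's browser session.
function renderStatusRowWeak(array $get): string
{
    return '<tr><td>' . $get['User'] . '</td><td>' . $get['Host'] . '</td>'
         . '<td>' . $get['db'] . '</td><td>' . $get['Command'] . '</td></tr>';
}

// Hardened: every untrusted value is HTML-escaped at the point of output,
// including quotes, so it cannot break out of the surrounding markup.
function h(?string $s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderStatusRow(array $get): string
{
    return '<tr><td>' . h($get['User'] ?? '') . '</td><td>' . h($get['Host'] ?? '') . '</td>'
         . '<td>' . h($get['db'] ?? '') . '</td><td>' . h($get['Command'] ?? '') . '</td></tr>';
}

// --- Bug class 3: numeric POST parameter used in a SQL query ----------------
// Weak: "pdf_page_number" (likewise "scale") is concatenated into query text
// that runs with the control user's privileges.
function loadPdfPageWeak(PDO $db, array $post): array
{
    return $db->query('SELECT * FROM pma__pdf_pages WHERE page_nr = ' . $post['pdf_page_number'])
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type and range first, then bind the value as a typed
// parameter so the database never interprets it as SQL.
function loadPdfPage(PDO $db, array $post): array
{
    $page = filter_var($post['pdf_page_number'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($page === false) {
        throw new InvalidArgumentException('pdf_page_number must be a positive integer');
    }
    $stmt = $db->prepare('SELECT * FROM pma__pdf_pages WHERE page_nr = :page');
    $stmt->bindValue(':page', $page, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

Rejecting the value before it reaches the query (rather than only escaping it) is what keeps the control user's privileges out of reach even if the query text is later changed.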


Impact

  • Cross-Site Scripting
  • Data Manipulation

System / Technologies affected

  • phpMyAdmin 3.x
  • phpMyAdmin 4.x

Solutions

  • Update to version 3.5.8.2 or 4.0.4.2.

Vulnerability Identifier

  • No CVE information is available
