Description: Eric Romang has reported a vulnerability in xMySQLadmin, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to temporary files being created insecurely when dropping a database. This can be exploited via symlink attacks to delete arbitrary files with the privileges of the xMySQLadmin user or disclose the contents of the database. The vulnerability has been reported in version 1.0 and prior. Other versions may also be affected. Solution: Grant only trusted users access to affected systems. Original Advisory: http://www.zataz.net/adviso/xmysqladmin-05292005.txt
*** This bug has been marked as a duplicate of 93792 ***