From PMASA-2010-9, CVE-2010-4480:
Unvalidated input on error page.
It was possible to display arbitrary text and a link to an external site using parameters passed to a particular script.
This issue is considered minor, because the only purpose of the affected file is to display an error message.
From PMASA-2010-10, CVE-2010-4481:
Possible information disclosure.
An unauthenticated user was able to display phpinfo output if phpMyAdmin was enabled to show it.
Will be fixed by update to 3.4.0. Stabilization via bug 354227.
Stabilization of a fixed package completed in bug 354227.
GLSA Vote: No.
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass
authentication and obtain sensitive information via a direct request to
phpinfo.php, which calls the phpinfo function.
error.php in PhpMyAdmin 188.8.131.52, and other versions before 3.4.0-beta1,
allows remote attackers to conduct cross-site scripting (XSS) attacks via a
crafted BBcode tag containing "@" characters, as demonstrated using
voting no too, and closing.