Many of us use phpMyAdmin to help manage our MySQL databases. If left open to public access, phpMyAdmin is exposed to a remote attack that allows the attacker to run arbitrary PHP code.
The best way to protect yourself is simply to password-protect phpMyAdmin. On Apache, this can usually be done with a .htaccess and .htpasswd file. Search Google for more information on password-protecting parts of your website.
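A minimal .htaccess for the phpMyAdmin directory, as an added example that is not part of the original post. The file locations, the realm text and the user name `admin` are assumptions; adjust them to your own layout.

```apache
# Assumed location: /var/www/phpmyadmin/.htaccess
#
# Create the password file first, outside the web root so it can
# never be served as a page (path and user name are assumptions):
#   htpasswd -c /etc/apache2/.htpasswd-pma admin
#
# The server configuration must allow this directory to override
# authentication settings (AllowOverride AuthConfig), otherwise
# Apache ignores the directives below.

# HTTP Basic authentication. Credentials are only base64-encoded
# on the wire, so serve this directory over HTTPS.
AuthType Basic

# Realm text shown in the browser's login prompt.
AuthName "phpMyAdmin - restricted"

# Absolute path to the password file created with htpasswd.
AuthUserFile /etc/apache2/.htpasswd-pma

# Any user listed in the password file may log in; everyone
# else receives 401 before any phpMyAdmin PHP code runs.
Require valid-user
```

To confirm the protection is active, request the directory without credentials and check that the server answers 401 rather than rendering the phpMyAdmin page.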
The official white paper on the bug is located here:
http://www.packetstormsecurity.org/0407-exploits/phpMyAdmin257.txt
I think I’m OK though, since not only am I too lazy to have updated to 2.5.7, but I also already use .htaccess to protect phpMyAdmin.
– Doug