Mandriva Linux Security Advisory 2014-183 - In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.
1696f1ee65496e52f68751a5547aaee9e1f92d935118a6c145b08acaa2b51116