Link: http://blogs.zdnet.com/security/?p=4616

Read up if you use this software - either on Apache or Windows, there's a serious flaw and you'll be needing to patch .... So get Patching already... or in the meantime don't serve the MyAdmin site until you have time to patch.

According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.

The second issue is a SQL injection vulnerability that allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.