In association with heise online

23 August 2010, 11:26

phpMyAdmin updates close vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

phpMyAdmin Logo The phpMyAdmin developers have announced the release of version and of their database administration tool, security updates that fix one critical and several serious vulnerabilities. According to the developers, a critical vulnerability in the 2.11.x branch of phpMyAdmin could be used to trick the set-up script used to generate configurations by "using a crafted POST request to include arbitrary PHP code in a generated configuration file". When combined with the ability to save files on the server, this could allow unauthenticated users to execute arbitrary PHP code. The 3.x branch of phpMyAdmin is reportedly unaffected.

Additionally, the updates fix several "serious" cross-site scripting (XSS) vulnerabilities in the 2.11.x and 3.x branch that could be used to launch an XSS attack using specially crafted URLs or POST parameters. All previous versions are reportedly affected. The developers advise all users to upgrade as soon as possible.

Version and of phpMyAdmin are available to download from the project's site. phpMyAdmin is licensed under version 2 of the GNU General Public License (GPLv2).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit