In association with heise online

16 October 2009, 10:25

New versions of phpMyAdmin close security holes

A security update has been released for the phpMyAdmin database administration tool. The new versions are 2.11.9.6 and 3.2.2.1. According to the developers' advisory, the previous versions contain two programming flaws that can potentially be exploited for cross-site scripting (XSS) attacks and the injection of arbitrary SQL commands.

The XSS vulnerability allows attackers to embed arbitrary JavaScript code into a victim's phpMyAdmin pages via specially crafted table names when a manipulated link is clicked. The SQL injection vulnerability is caused by a flaw in the processing of PDF export parameters that can usually only be triggered by authenticated users. The developers consider the vulnerabilities a threat and advise users to update.

(djwm)

Permalink: http://h-online.com/-831018