In association with heise online

16 October 2009, 11:25

New versions of phpMyAdmin close security holes

A security update has been released for the phpMyAdmin database administration tool. The new versions are 2.11.9.6 and 3.2.2.1. According to the developers' advisory, the previous versions contain two programming flaws that can potentially be exploited for cross-site scripting (XSS) attacks and the injection of arbitrary SQL commands.

The XSS vulnerability allows attackers to embed arbitrary JavaScript code into a victim's phpMyAdmin pages via specially crafted table names once the victim clicks a manipulated link. The SQL injection vulnerability is caused by a flaw in the processing of PDF export parameters and can usually only be triggered by authenticated users. The developers consider the vulnerabilities a threat and advise users to update.

(djwm)
