Update for phpMyAdmin
The developers of the widely used phpMyAdmin MySQL administration tool have released an updated version, 2.11.5, which closes an SQL injection vulnerability. Since phpMyAdmin uses the $_REQUEST variable array instead of $_POST for reading the parameter list, it is possible on some servers for a user's cookies to be confused with the request parameters. This allows attackers to set their own cookies in visitors' browsers using a page on the same server. Apparently, another application can set a cookie named sql_query for the root path, thus overwriting the user's SQL query.

The developers classify this as a serious security problem. A patch is also available as an alternative to the update: it prevents cookies from being included in the $_REQUEST array. In addition to fixing this vulnerability, the developers have also eliminated various other errors.
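
The override described above, and the effect of keeping cookies out of the merged array, as an added PHP example (not phpMyAdmin's code or its patch). The helper names build_request and shadowing_cookies are hypothetical, the request values are constructed, and the merge order GET, POST, COOKIE is an assumed server configuration.

```php
<?php
// Added example, not phpMyAdmin code. All request values are constructed.

// Model of how PHP fills $_REQUEST: sources are merged in the configured
// order (G = GET, P = POST, C = COOKIE); a later source wins on a name clash.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Defensive check: cookie names that shadow a parameter the application reads.
function shadowing_cookies(array $cookie, array $expectedParams): array
{
    return array_values(array_intersect(array_keys($cookie), $expectedParams));
}

// Constructed input: the user submits a query by POST while the browser also
// sends a cookie named sql_query that another application set for path "/".
$get    = ['db' => 'shop'];
$post   = ['sql_query' => 'SELECT id FROM orders'];
$cookie = ['sql_query' => 'cookie-supplied value', 'lang' => 'en'];

// Weak (assumed order GPC): cookies are merged last, so the cookie value
// replaces the query the user actually submitted.
$weak = build_request('GPC', $get, $post, $cookie);

// Hardened: cookies never enter the merged array; code that needs a cookie
// reads it explicitly from $_COOKIE instead.
$hardened = build_request('GP', $get, $post, $cookie);

printf("with cookies:    %s\n", $weak['sql_query']);
printf("without cookies: %s\n", $hardened['sql_query']);
printf("shadowing names: %s\n",
    implode(', ', shadowing_cookies($cookie, ['db', 'sql_query'])));
```

Logging the result of the shadowing check on incoming requests gives a simple signal that a cookie is colliding with a parameter name the application expects.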
- SQL injection vulnerability, vulnerability report from phpMyAdmin