Multiple Critical Security Vulnerabilities in phpMyAdmin 3.4.3 and Previous
phpMyAdmin is a browser-based MySQL database management application.
Affected Application: phpMyAdmin 3.4.3 and previous.
Please note that the vulnerabilities do not affect 2.11.x versions.
Our Linux shared hosting accounts currently have phpMyAdmin version 220.127.116.11 installed.
Issue: On 07/02/11, multiple critical security vulnerabilities were reported for phpMyAdmin version 3.4.3 and previous. The vulnerabilities could let attackers overwrite session information to bypass authentication, inject malicious code, or perform other actions.
Resolution: An update for phpMyAdmin is available. If you use phpMyAdmin 3.4.3 or previous on a virtual or dedicated server, you must download and install the patch or latest version. Visit the vendor's website for information:
This information was compiled using the following phpMyAdmin security advisory articles:
Possible session manipulation in Swekey authentication.
Possible code injection in setup script in case session variables are compromised.
Regular expression quoting issue in Synchronize code.
Possible directory traversal.
Website Protection Site Scanner scans for this vulnerability, and many more. To learn about Site Scanner, see Getting Started with Website Protection Site Scanner.
Multiple Vulnerabilities in JS Calendar 1.5.1 and 1.5.4 for Joomla!
Cross-Site Scripting Vulnerability in WPtouch Plug-in 18.104.22.168 and 1.9.20
Multiple Vulnerabilities in Joomla! 1.6 and 1.6.1
Cross-Site Scripting Vulnerability in Mojolicious 1.12
Multiple Vulnerabilities in MediaWiki Versions Prior to 1.16.4
Directory Traversal Vulnerability in WP Custom Pages 0.5.0.1
Your message was successfully sent.
There was an error in sending your message, please try again.
Have a question about the content of this article?