phpMyAdmin updates close vulnerabilities

The phpMyAdmin developers have announced the release of version 3.3.5.1 and 2.11.10.1 of their database administration tool, security updates that fix one critical and several serious vulnerabilities. According to the developers, a critical vulnerability in the 2.11.x branch of phpMyAdmin could be used to trick the set-up script used to generate configurations by “using a crafted POST request to include arbitrary PHP code in a generated configuration file”. When combined with the ability to save files on the server, this could allow unauthenticated users to execute arbitrary PHP code. The 3.x branch of phpMyAdmin is reportedly unaffected.

Read more at H-online

Comments are closed.