icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

phpMyAdmin 2.x < 2.11.11.3 / 3.x < 3.3.9.2 SQLi (PMASA-2011-2)

Medium

Synopsis

The remote web server contains a PHP application that is vulnerable to a SQL-injection attack.

Description

Versions of phpMyAdmin earlier than 2.11.11.3 / 3.3.9.2 are potentially affected by a SQL-injection vulnerability, because the application makes it possible to create a bookmark which would be executed unintentionally by other users.

Solution

Upgrade to phpMyAdmin 2.11.11.3, 3.3.9.2, or later.