
phpMyAdmin 4.0.x < 4.0.4.1 'import.php' Security Vulnerability

Medium

Synopsis

The remote web server contains a PHP application that is affected by a security vulnerability as a result of improper user input sanitization.

Description

phpMyAdmin versions 4.0.0 through 4.0.4 are potentially affected by a remotely exploitable vulnerability in the 'import.php' script, which fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject arbitrary GLOBALS variables and manipulate any configuration parameter.

Solution

Apply the vendor patches or upgrade to phpMyAdmin 4.0.4.1 or later.
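
A version-range check for the affected range stated above, added here as an example (it is not part of the original advisory or of phpMyAdmin). The function names and the sample inventory are constructed; a match means only "potentially affected", because a version string cannot show whether vendor patches were applied.

```python
import re

# Range taken from the advisory: 4.0.0 through 4.0.4 affected, 4.0.4.1 fixed.
AFFECTED_BRANCH = (4, 0)
FIRST_FIXED = (4, 0, 4, 1)

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text):
    """Return the numeric part as a 4-tuple of ints, or None if unparseable.

    Missing components count as 0, so "4.0.4" becomes (4, 0, 4, 0). Any
    suffix such as "-rc1" or a distro revision is ignored (an assumption).
    """
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())


def classify(version_text):
    """Classify one version string against this advisory only."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    # Compare as integer tuples: a string compare would rank "4.0.10"
    # below "4.0.4.1" and wrongly flag it.
    if version[:2] == AFFECTED_BRANCH and version < FIRST_FIXED:
        return "potentially_affected"
    return "not_in_range"


def triage(inventory):
    """Group hosts from {host: version_string} by classification."""
    result = {"potentially_affected": [], "not_in_range": [], "unparseable": []}
    for host, version_text in sorted(inventory.items()):
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "web-a.example": "4.0.4",
    "web-b.example": "4.0.4.1",
    "web-c.example": "4.0.10",
    "web-d.example": "3.5.8.1",
    "web-e.example": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

Hosts reported as "unparseable" need a manual check, and "not_in_range" says nothing about advisories for other phpMyAdmin branches.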