Synopsis: The remote web server contains a PHP application that may allow execution of arbitrary code.

Description: The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to several variables before using them to generate a config file for the application. Using specially crafted POST requests, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary PHP code.

Solution: Upgrade to phpMyAdmin version 18.104.22.168 or later. If 3.x cannot be obtained, version 22.214.171.124 has also been patched for this vulnerability.