Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

phpMyAdmin 3.3.x < 3.3.10.1 / 3.4.x < 3.4.1 Multiple Vulnerabilities

Medium

Synopsis

The remote web server contains a PHP application that is vulnerable to multiple attack vectors.

Description

Versions of phpMyAdmin 3.3.x earlier than 3.3.10.1 and 3.4.x earlier than 3.4.1 are potentially affected by multiple vulnerabilities :

- It is possible to create a crafted table name that could lead to a cross-site scripting attack. (PMASA-2011-3)

- It is possible to redirect to an arbitrary, untrusted site, leading to a possible phishing site. (PMASA-2011-4)

Solution

Upgrade to phpMyAdmin 3.3.10.1, 3.4.1, or later.