
phpMyAdmin 3.3.x < / 3.4.x < Multiple Vulnerabilities



The remote web server contains a PHP application that is vulnerable to multiple attack vectors.


Versions of phpMyAdmin 3.3.x earlier than and 3.4.x earlier than are potentially affected by multiple vulnerabilities :

- It is possible to manipulate the PHP session superglobal using some of the Swekey authentication code. (PMASA-2011-5)

- An unsanitized key from the Servers array is written in a comment of the generated config, which could allow an attacker to close the comment and inject code. (PMASA-2011-6)

- It is possible to use a null byte to truncate the pattern string, which would allow an attacker to inject the /e modifier, causing the preg_replace function to execute its second argument as PHP code. (PMASA-2011-7)

- An issue exists in the MIME-type transformation code, which allows for directory traversal. (PMASA-2011-8)
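
The comment-injection class described in PMASA-2011-6, shown as an added example that is not phpMyAdmin's code or its actual fix: a config generator that copies an array key into a block comment, a hardened form that only accepts integer keys, and a tokenizer check that the generated line is inert. All function names and the sample keys are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not phpMyAdmin code. All function names are hypothetical.

// Vulnerable pattern: the Servers array key is copied into a block comment as-is,
// so a key containing "*/" ends the comment and the rest becomes live PHP.
function render_header_unsafe($key): string
{
    return "/* Server [{$key}] */\n";
}

// Hardened pattern: server indexes are positive integers, so reject anything else
// and emit only the validated integer.
function render_header_safe($key): string
{
    $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('server key must be a positive integer');
    }
    return "/* Server [{$id}] */\n";
}

// Check for generated output: the line must tokenize to comments and whitespace only.
function comment_line_is_inert(string $line): bool
{
    foreach (array_slice(token_get_all('<?php ' . $line), 1) as $tok) {
        if (!is_array($tok) || !in_array($tok[0], [T_COMMENT, T_DOC_COMMENT, T_WHITESPACE], true)) {
            return false; // a token outside the comment would execute
        }
    }
    return true;
}

// Constructed sample keys: one normal index, one that tries to close the comment.
$keys = [1, "2 */ echo 'marker'; /*"];

foreach ($keys as $key) {
    $unsafe = render_header_unsafe($key);
    printf("unsafe inert=%s  %s", var_export(comment_line_is_inert($unsafe), true), $unsafe);
    try {
        $safe = render_header_safe($key);
        printf("safe   inert=%s  %s", var_export(comment_line_is_inert($safe), true), $safe);
    } catch (InvalidArgumentException $e) {
        printf("safe   rejected key: %s\n", $e->getMessage());
    }
}
```

The same tokenizer check can be run against any generated config file before it is saved, as a regression test for code that writes user-influenced values into comments.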


Upgrade to phpMyAdmin,, or later.