
phpMyAdmin 3.3.x < 3.3.10.3 / 3.4.x < 3.4.3.2 Multiple Vulnerabilities

Medium

Synopsis

The remote web server contains a PHP application that is vulnerable to multiple attack vectors.

Description

Versions of phpMyAdmin 3.3.x earlier than 3.3.10.3 and 3.4.x earlier than 3.4.3.2 are potentially affected by multiple vulnerabilities:

- A cross-site scripting vulnerability exists in the table Print view. (PMASA-2011-9)

- A local file inclusion vulnerability can be exploited via a specially crafted MIME-type transformation parameter. (PMASA-2011-10)

- In the 'relational schema' code, a parameter is not sanitized before it is concatenated into a class name, which could lead to local file inclusion or code execution. (PMASA-2011-11)

- It is possible to manipulate the PHP superglobals (including SESSION) through some of the Swekey authentication code. (PMASA-2011-12)

Solution

Upgrade to phpMyAdmin 3.3.10.3, 3.4.3.2, or later.
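
The version ranges above can be checked against an inventory of installed versions. The following is an added example, not part of the advisory or of phpMyAdmin; the function names and the sample inventory are constructed for illustration, and version suffixes such as `-rc1` or distribution revisions are ignored, which is an assumption.

```python
import re

# Fixed release for each affected branch, taken from the advisory text.
FIXED = {(3, 3): (3, 3, 10, 3), (3, 4): (3, 4, 3, 2)}

def parse_version(text):
    """Return the leading dotted-numeric version as a tuple of ints.

    Anything after the numeric part (e.g. "-rc1", "-1ubuntu2") is ignored.
    Returns None when no major.minor version can be found.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(version_text):
    """True or False for the 3.3.x and 3.4.x branches.

    Returns None when the string cannot be parsed or the branch is not
    covered by this advisory, so the caller can flag it for manual review.
    """
    v = parse_version(version_text)
    if v is None:
        return None
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return None
    # Pad short versions ("3.4" -> 3.4.0.0) and compare numerically, so that
    # 3.3.9.x sorts before 3.3.10.3 (a plain string comparison would not).
    padded = v + (0,) * (4 - len(v))
    return padded < fixed

def triage(inventory):
    """Map each host to 'upgrade', 'ok' or 'review' from its version string."""
    labels = {True: "upgrade", False: "ok", None: "review"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "db-admin-01": "3.3.9.2",
        "db-admin-02": "3.4.3.2",
        "db-admin-03": "3.4.3.1-rc1",
        "db-admin-04": "3.5.0",
    }
    for host, verdict in triage(sample).items():
        print(host, verdict)
```

Hosts marked `review` are on a branch this advisory does not describe or report a version that could not be parsed, so they need a manual check.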