phpMyAdmin Plugs SQL Injection, XSS Flaws

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.
According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.

According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.

The second issue is a SQL injection vulnerability that allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.

phpMyAdmin is an open source tool written in PHP intended to handle the administration of MySQL over the Web.

The group urged all users to upgrade to phpMyAdmin 3.2.2.1 or 2.11.9.6 immediately.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.