'Highly critical' flaws haunt phpMyAdmin

Developers of the open-source phpMyAdmin have released a new version to patch several "highly critical" vulnerabilities that can be used to compromise a vulnerable system.
Written by Ryan Naraine, Contributor on

The vulnerabilities affect all versions of phpMyAdmin prior to 3.3.10.2 and 3.4.3.1, according to an advisory from Secunia.

phpMyAdmin is a widely used software tool that handles the administration of one or more MySQL servers over the web.

Some basic details on the security problems:

  • An error within the "Swekey_login()" function in libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session variables and e.g. inject and execute arbitrary PHP code.
  • Input passed to the "PMA_createTargetTables()" function in libraries/server_synchronize.lib.php is not properly sanitised before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code via URL-encoded NULL bytes.
  • Input passed to the "PMA_displayTableBody()" function in libraries/display_tbl.lib.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.

Secunia said a weakness in setup scripts, which could lead to arbitrary PHP code injection if session variables are overwritten, was also addressed.

phpMyAdmin users are urged to immediately update to version 3.3.10.2 or 3.4.3.1.
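As an added example (not from the article, Secunia or the phpMyAdmin project), this Python script checks installed version strings against the two fixed releases named above and reports which installs still need the update. The inventory lines, host names and the treatment of pre-release suffixes are assumptions made for illustration.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(3, 3): (3, 3, 10, 2), (3, 4): (3, 4, 3, 1)}
NEWEST_FIX = max(FIXED.values())
PRERELEASE = re.compile(r"alpha|beta|rc|dev", re.I)

# Constructed inventory (host, installed phpMyAdmin version); not real data.
SAMPLE_INVENTORY = """\
db-admin-01 3.3.10.1
db-admin-02 3.3.10.2
intranet-03 3.4.3
intranet-04 3.4.3.1
legacy-05 2.11.11.3
staging-06 3.4.0-rc1
"""


def parse_version(text):
    """Return (numeric parts padded to four fields, has pre-release tag)."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,3})(.*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (4 - len(nums)), bool(PRERELEASE.search(m.group(2)))


def assess(version):
    """Return (affected, upgrade_target) for one version string."""
    nums, pre = parse_version(version)
    # Branches without their own fix are compared against the newest fix:
    # older ones fall under "all versions prior to", newer ones postdate it.
    fix = FIXED.get(nums[:2], NEWEST_FIX)
    # Assumption: a pre-release build of a fixed version is still treated as affected.
    affected = nums < fix or (nums == fix and pre)
    return affected, ".".join(map(str, fix)) if affected else None


def audit(inventory):
    """Return (host, version, upgrade_target) for every affected install."""
    findings = []
    for line in filter(str.strip, inventory.splitlines()):
        host, version = line.split()
        affected, target = assess(version)
        if affected:
            findings.append((host, version, target))
    return findings


if __name__ == "__main__":
    for host, version, target in audit(SAMPLE_INVENTORY):
        print(f"{host}: {version} is affected, update to {target}")
```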
