/>
X
Business

phpMyAdmin Plugs SQL Injection, XSS Flaws

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.
Written by Ryan Naraine, Contributor on

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.

According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.

The second issue is a SQL injection vulnerability that allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.

phpMyAdmin is an open source tool written in PHP intended to handle the administration of MySQL over the Web.

The group urged all users to upgrade to phpMyAdmin 3.2.2.1 or 2.11.9.6 immediately.

Editorial standards

Related

The 21 best Black Friday deals under $30 ahead of Cyber Monday
Amazon Fire TV Stick 4K

The 21 best Black Friday deals under $30 ahead of Cyber Monday

The 52 best Black Friday deals on Amazon ahead of Cyber Monday
Image of Amazon Echo Show 8 on a wooden table in front of a person cooking and folding pastry dough.

The 52 best Black Friday deals on Amazon ahead of Cyber Monday

The 62 best Black Friday deals at Costco ahead of Cyber Monday
LG 65" Class - QNED80 Series

The 62 best Black Friday deals at Costco ahead of Cyber Monday