phpMyAdmin Plugs SQL Injection, XSS Flaws

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.

A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks.

According to an advisory from the maintainers of the open-source tool, one of the vulnerabilities allow remote hackers to inject arbitrary web script or HTML via a crafted MySQL table name.

The second issue is a SQL injection vulnerability that allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.

phpMyAdmin is an open source tool written in PHP intended to handle the administration of MySQL over the Web.

The group urged all users to upgrade to phpMyAdmin 3.2.2.1 or 2.11.9.6 immediately.