propcgamer
Verified User
- Joined
- Dec 27, 2005
- Messages
- 148
Here's the security update: http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php
Announcement-ID: PMASA-2011-14
Date: 2011-09-14
Summary
Multiple XSS.
Description
Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities.
Severity
We consider these vulnerabilities to be serious.
Mitigation factor
An attacker must be logged in via phpMyAdmin to exploit this problem.
Affected Versions
Versions 3.4.0 to 3.4.4 were found vulnerable.
Solution
Upgrade to phpMyAdmin 3.4.5 or apply the related patches listed below.
Announcement-ID: PMASA-2011-14
Date: 2011-09-14
Summary
Multiple XSS.
Description
Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities.
Severity
We consider these vulnerabilities to be serious.
Mitigation factor
An attacker must be logged in via phpMyAdmin to exploit this problem.
Affected Versions
Versions 3.4.0 to 3.4.4 were found vulnerable.
Solution
Upgrade to phpMyAdmin 3.4.5 or apply the related patches listed below.