(LiveHacking.Com) – Norman Hippert from The-Wildcat.de has discovered a vulnerability in phpMyAdmin, the open source database administration tool. As a result, the phpMyAdmin developers have announced the release of versions 3.4.4 and 220.127.116.11. These new versions close the hole, discovered by Norman, in the Tracking feature that can lead to multiple cross-site scripting (XSS) vulnerabilities.
The vulnerability exists because input passed to the table, column and index names is not properly sanitised. Although an attacker must be logged into phpMyAdmin to exploit this vulnerability, the development team “consider this vulnerability to be serious.”
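The class of bug described above, shown as an added example that is not phpMyAdmin's code: a report row built from table, column and index names, first concatenated unencoded and then encoded at output. The function names, the array keys and the sample identifiers are assumptions constructed for illustration.

```php
<?php
// Added example, not phpMyAdmin source. All names below are hypothetical.

/** Encode an untrusted value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable form: identifiers are concatenated into markup unchanged. */
function renderTrackingRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['table'] . '</td><td>' . $row['column']
         . '</td><td>' . $row['index'] . '</td></tr>';
}

/** Hardened form: every identifier is encoded at the point of output. */
function renderTrackingRowSafe(array $row): string
{
    return '<tr><td>' . h($row['table']) . '</td><td>' . h($row['column'])
         . '</td><td>' . h($row['index']) . '</td></tr>';
}

// Constructed sample data. Identifiers are data chosen by whoever created
// the object, so they must be treated like any other untrusted input.
$row = [
    'table'  => 'orders<img src=x onerror=alert(1)>',
    'column' => 'id"><b>x</b>',
    'index'  => 'idx_plain',
];

$unsafe = renderTrackingRowUnsafe($row);
$safe   = renderTrackingRowSafe($row);

// The unsafe row carries a live <img> element; the safe row carries only
// the entity-encoded text of the same identifier.
var_dump(strpos($unsafe, '<img') !== false);
var_dump(strpos($safe, '<img') === false);
var_dump(strpos($safe, '&lt;img') !== false);
echo $safe, PHP_EOL;
```

Encoding belongs at the point of output rather than at creation time, because the same identifier may later be rendered in a different context (HTML, SQL, a URL) that needs a different encoding.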
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Further information about the updates can be found in the 3.4.4 and 18.104.22.168 release announcements and in the project’s security advisories.