May 17, 2020

phpMyAdmin 3.4.4 and Fix XSS Vulnerability

(LiveHacking.Com) – Norman Hippert from has discovered a vulnerability in phpMyAdmin, the open source database administration tool. As a result the phpMyAdmin developers have announced the release of versions 3.4.4 and These new versions close the hole, discovered by Norman, in the Tracking feature that can lead to multiple cross-site scripting (XSS) vulnerabilities.

The vulnerability exists due to improper sanitisation of input passed as table, column and index names. Although an attacker must be logged into phpMyAdmin to exploit this vulnerability, the development team “consider this vulnerability to be serious.”
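The class of flaw described above, as an added example that is not phpMyAdmin code: an identifier concatenated into a report row unencoded, the same row with output encoding, and a defender's audit that flags identifiers containing HTML-significant characters. All function names and the sample identifiers are constructed for illustration.

```python
import html
import re

# Constructed sample of (object kind, identifier) pairs, shaped like what a
# schema listing returns. Not taken from any real database.
SAMPLE_IDENTIFIERS = [
    ("table", "customers"),
    ("table", "orders<img src=x>"),
    ("column", "unit_price"),
    ("column", 'note" onmouseover="'),
    ("index", "idx_orders_date"),
]

# Characters that change meaning in HTML text or attribute context.
HTML_SIGNIFICANT = re.compile(r"[<>&\"']")


def audit_identifiers(identifiers):
    """Return the (kind, name) pairs whose name contains HTML-significant characters."""
    return [(kind, name) for kind, name in identifiers
            if HTML_SIGNIFICANT.search(name)]


def render_row_unsafe(kind, name):
    """Flawed pattern: the stored identifier is placed into markup as-is."""
    return "<tr><td>" + kind + "</td><td>" + name + "</td></tr>"


def render_row_safe(kind, name):
    """Encode at output time so the identifier is displayed as text,
    both in element content and inside the quoted title attribute."""
    return '<tr><td>{}</td><td title="{}">{}</td></tr>'.format(
        html.escape(kind), html.escape(name, quote=True), html.escape(name))


def render_report(identifiers, row_renderer=render_row_safe):
    """Build the report table with the chosen row renderer."""
    rows = "".join(row_renderer(kind, name) for kind, name in identifiers)
    return "<table>" + rows + "</table>"


if __name__ == "__main__":
    for kind, name in audit_identifiers(SAMPLE_IDENTIFIERS):
        print("review {} name: {!r}".format(kind, name))
    print(render_report(SAMPLE_IDENTIFIERS))
```

The audit only finds names that already exist; encoding at the point of output is what keeps a newly created identifier from being interpreted as markup.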

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Further information about the updates can be found in the 3.4.4 and release announcements and in the project’s security advisories.
