(LiveHacking.Com) – phpMyAdmin’s development team has released version 3.4.9 of this open source database administration tool. This new version fixes two critical cross-site scripting (XSS) vulnerabilities: one in the setup interface and one in the export panels of the server, database and table sections.
All previous 3.4.x versions of phpMyAdmin, up to and including version 3.4.8, are affected. Upgrading to version 3.4.9 is highly recommended to correct these security issues.
The new fixes are:
- bug #3442028 Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 Can’t rename a database that contains views
- bug #3452506 Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.