December 9, 2016

phpMyAdmin 3.3.10.2 and 3.4.3.1 Released – Multiple Vulnerabilities Fixed

The phpMyAdmin development team has released versions 3.3.10.2 and 3.4.3.1 of their database administration tool.

These updates are for four critical security vulnerabilities, include a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in Synchronize code. With reference to the project website, these security issues could lead to the code injection and execution of arbitrary code.

Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code in these versions have been fixed.

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.