October 24, 2016

phpMyAdmin and Released – Multiple Vulnerabilities Fixed

The phpMyAdmin development team has released versions and of their database administration tool.

These updates are for four critical security vulnerabilities, include a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in Synchronize code. With reference to the project website, these security issues could lead to the code injection and execution of arbitrary code.

Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code in these versions have been fixed.

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.